diff --git a/readme.org b/README.md similarity index 78% rename from readme.org rename to README.md index 65c0af2..231da1e 100644 --- a/readme.org +++ b/README.md @@ -1,4 +1,7 @@ -#+TITLE: xin +xin +=== Ever growing nix configuration. It started as a single host and has eventually consumed more and more machines in my environment! + +![xin](./xintray-logo.png) diff --git a/bin/ci b/bin/ci index 9607ec7..6fd11d6 100755 --- a/bin/ci +++ b/bin/ci @@ -2,6 +2,11 @@ . ./common.sh +if [ -f ./lock ]; then + msg "${SCRIPT_NAME} locked..." + exit 0 +fi + direnv allow CMD=${1:-""} @@ -49,14 +54,22 @@ if [ "${1}" = "update" ]; then continue fi + current_hash="$(git rev-parse HEAD)" + if ! nix flake lock --commit-lock-file --update-input "$inp"; then handle_update_fail "$inp" continue fi - if ! nix flake check --print-build-logs; then - handle_update_check_fail "$inp" - continue + maybe_new_hash="$(git rev-parse HEAD)" + + if [ "${current_hash}" != "${maybe_new_hash}" ]; then + if ! nix flake check --print-build-logs; then + handle_update_check_fail "$inp" + continue + fi + else + msg "No change in input, skipping checks." fi if ! git checkout "${ci_branch}"; then diff --git a/bin/fmt b/bin/fmt index b192b92..e585ba5 100755 --- a/bin/fmt +++ b/bin/fmt @@ -2,7 +2,7 @@ set -e -find . -name \*.nix -exec nix fmt {} \+ +find . -name \*.nix -exec nix fmt -- -q {} \+ find . -name \*.sh -exec shfmt -w {} \+ deadnix -f . diff --git a/bin/update-openssh b/bin/update-openssh new file mode 100755 index 0000000..60faa65 --- /dev/null +++ b/bin/update-openssh 
@@ -0,0 +1,18 @@ +#!/bin/sh + +ATOM="$(curl -s https://github.com/openssh/openssh-portable/commits/master.atom)" +CURRENT="$(cat pkgs/openssh/version.json)" + +COMMIT="$(echo $ATOM | dasel -rxml 'feed.entry.[0].id' | awk -F/ '{print $NF}')" +COMMENT="$(echo $ATOM | dasel -rxml 'feed.entry.[0].title')" +UPDATED="$(echo $ATOM | dasel -rxml 'feed.entry.[0].updated' | awk -FT '{print $1}')" + +CURRENT_COMMIT="$(echo $CURRENT | jq -r .rev)" + +if [ "${CURRENT_COMMIT}" != "${COMMIT}" ]; then + nix-prefetch-github openssh openssh-portable \ + -rev "${COMMIT}" \ + --json > pkgs/openssh/version.json +else + echo "No updates." +fi diff --git a/bins/default.nix b/bins/default.nix index 12e02ce..c00a854 100644 --- a/bins/default.nix +++ b/bins/default.nix @@ -18,9 +18,11 @@ inherit gosignify; inherit (pkgs) curl; }); + genPatches = pkgs.callPackage ./gen-patches.nix {}; in { environment.systemPackages = with pkgs; [ checkRestart + genPatches ix sfetch tstart diff --git a/bins/gen-patches.nix b/bins/gen-patches.nix new file mode 100644 index 0000000..b383374 --- /dev/null +++ b/bins/gen-patches.nix 
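Review bot: The redirect `--json > pkgs/openssh/version.json` truncates the pinned version file before `nix-prefetch-github` has produced anything, and the script sets no `set -eu`, so a failed fetch or prefetch leaves an empty or partial pin behind. Writing to a `mktemp` file and moving it into place only on success avoids that, e.g. `nix-prefetch-github openssh openssh-portable -rev "${COMMIT}" --json > "$tmp" && mv "$tmp" pkgs/openssh/version.json`. `COMMIT` is taken from the Atom feed unchecked, and `curl -s` neither fails on HTTP errors nor reports them, so anything that is not a 40-character hex id should be rejected before the comparison. `$ATOM` and `$CURRENT` are also expanded unquoted in the `echo` calls, which lets the shell split and glob feed content; `printf '%s' "$ATOM"` is safer. `-rev` is spelled with a single dash, so confirm the tool accepts it, and add a comment saying that pinning OpenSSH to the tip of `master` (unreleased code) is deliberate.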
@@ -0,0 +1,55 @@ +{ + writeShellApplication, + diffutils, + findutils, + coreutils, + ... +}: let + genPatches = writeShellApplication { + name = "gen-patches"; + runtimeInputs = [diffutils findutils coreutils]; + text = '' + suffix=".orig" + srcdir=$PWD + output="$PWD/patches" + + usage() { + echo "Usage: $0 [-s suffix (default .orig)] [-d source directory (default PWD)] [-o output directory (default PWD/patches)]" 1>&2; + exit 1; + } + + while getopts "d:ho:s:" arg; do + case $arg in + d) + srcdir=$OPTARG + ;; + h) + usage + ;; + s) + suffix=$OPTARG + ;; + o) + output=$OPTARG + ;; + *) + usage + esac + done + + mkdir -p "$output" + + # hold my be er! + # shellcheck disable=SC2044 + for patch in $(find "$srcdir" -name "*$suffix"); do + fname=$(basename "$patch" "$suffix") + dname=$(dirname "$patch") + file="$dname/$fname" + outfile="$(echo "$dname/$fname" | sed 's;/;_;g').diff" + diff -u "$patch" "$file" > "$output/$outfile" || \ + echo "==> Created patch: $output/$outfile" + done + ''; + }; +in + genPatches diff --git a/bins/xin-status.nix b/bins/xin-status.nix index 34b5106..f1afd55 100644 --- a/bins/xin-status.nix +++ b/bins/xin-status.nix @@ -7,12 +7,17 @@ use strict; use warnings; - use Data::Dumper; + use MIME::Base64; use lib "${perlPackages.JSON}/${perl.libPrefix}/${perl.version}/"; use JSON qw{ decode_json encode_json }; my $info = decode_json(`nixos-version --json`); $info->{needs_restart} = system('check-restart >/dev/null') == 0 ? JSON::false : JSON::true; + my $sys_diff = `nix store diff-closures /run/booted-system /run/current-system`; + $sys_diff =~ s/\e\[[0-9;]*m(?:\e\[K)?//g; + + $info->{system_diff} = encode_base64($sys_diff); + print encode_json $info; '' diff --git a/configs/ci.nix b/configs/ci.nix index d5a55fe..2bcdadd 100644 --- a/configs/ci.nix +++ b/configs/ci.nix @@ -6,6 +6,7 @@ xinlib, ... }: let + inherit (xinlib) prIsOpen; jobs = [ { name = "xin-ci-update"; 
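Review bot: The `for patch in $(find "$srcdir" -name "*$suffix")` loop, with SC2044 silenced, word-splits and globs find's output, so a path containing whitespace or wildcard characters is broken apart and `diff` and the `>` redirect then act on the wrong names. A NUL-delimited read keeps each path intact: `find "$srcdir" -name "*$suffix" -print0 | while IFS= read -r -d "" patch; do` (double quotes for the empty delimiter, because two single quotes would end the Nix string). The `diff -u ... || echo "==> Created patch: ..."` line also reports success for exit status 2 (diff hit an error) as well as 1 (differences found); testing for status 1 explicitly would stop a failed diff from being announced as a created patch. The comment above the loop could say why the check is disabled rather than `hold my be er!`.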
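Review bot: The backtick call to `nix store diff-closures` is used without looking at `$?`, so when the command fails `system_diff` is an empty string that a consumer cannot tell apart from "no changes". Checking the status right after the backticks and emitting JSON null on failure would make that visible, e.g. `my $diff_ok = $? == 0;` followed by `$info->{system_diff} = $diff_ok ? encode_base64($sys_diff, "") : undef;`. The second argument stops `encode_base64` from wrapping the value at 76 columns with embedded newlines, and it uses double quotes because two single quotes would end the surrounding Nix string. Since `xin-status` is the forced command of the `xin-status` key shown in `default.nix`, the new field also lets any holder of that key read the package-level delta between the booted and current system; confirm that is intended. The Perl script starts and ends outside this hunk.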
@@ -105,6 +106,6 @@ in #}; }; - boot.binfmt.emulatedSystems = ["aarch64-linux"]; + boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"]; }; } diff --git a/configs/colemak.nix b/configs/colemak.nix index 5890ec8..c81b6bd 100644 --- a/configs/colemak.nix +++ b/configs/colemak.nix @@ -20,7 +20,17 @@ with lib; { services.xserver = { layout = "us"; xkbVariant = "colemak"; - xkbOptions = "ctrl:swapcaps"; + xkbOptions = "ctrl:swapcaps,compose:ralt"; + inputClassSections = [ + '' + Identifier "precursor" + MatchIsKeyboard "on" + MatchProduct "Precursor" + MatchVendor "Kosagi" + Option "XkbLayout" "us" + Option "XkbVariant" "basic" + '' + ]; }; }; } diff --git a/configs/default.nix b/configs/default.nix index bf5c749..c9ccc8e 100644 --- a/configs/default.nix +++ b/configs/default.nix @@ -3,7 +3,6 @@ ./ca.nix ./ci.nix ./colemak.nix - ./develop.nix ./dns.nix ./doas.nix ./git.nix diff --git a/configs/develop.nix b/configs/develop.nix deleted file mode 100644 index c445730..0000000 --- a/configs/develop.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; { - options = { - jetbrains = {enable = mkEnableOption "Install JetBrains editors";}; - }; - - config = mkMerge [ - (mkIf config.jetbrains.enable { - nixpkgs.config.allowUnfreePredicate = pkg: - builtins.elem (lib.getName pkg) ["idea-ultimate"]; - - environment.systemPackages = with pkgs; [jetbrains.idea-ultimate sshfs]; - }) - ]; -} diff --git a/configs/doom.d/config.el b/configs/doom.d/config.el new file mode 100644 index 0000000..4f909c3 --- /dev/null +++ b/configs/doom.d/config.el @@ -0,0 +1,4 @@ +(setq + acme-theme-black-fg t) + +(load-theme 'acme t) diff --git a/configs/doom.d/init.el b/configs/doom.d/init.el new file mode 100644 index 0000000..4f2e3e3 --- /dev/null +++ b/configs/doom.d/init.el 
@@ -0,0 +1,186 @@ +;;; init.el -*- lexical-binding: t; -*- + +;; This file controls what Doom modules are enabled and what order they load +;; in. Remember to run 'doom sync' after modifying it! + +;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's +;; documentation. There you'll find a "Module Index" link where you'll find +;; a comprehensive list of Doom's modules and what flags they support. + +;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or +;; 'C-c c k' for non-vim users) to view its documentation. This works on +;; flags as well (those symbols that start with a plus). +;; +;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its +;; directory (for easy access to its source code). + +(doom! :input + + :completion + company ; the ultimate code completion backend + vertico ; the search engine of the future + + :ui + doom ; what makes DOOM look the way it does + doom-dashboard ; a nifty splash screen for Emacs + doom-quit ; DOOM quit-message prompts when you quit Emacs + doom-theme + ;;(emoji +unicode) ; 🙂 + hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW + ;;hydra + ;;indent-guides ; highlighted indent columns + ;;ligatures ; ligatures and symbols to make your code pretty again + ;;minimap ; show a map of the code on the side + modeline ; snazzy, Atom-inspired modeline, plus API + ;;nav-flash ; blink cursor line after big motions + ;;neotree ; a project drawer, like NERDTree for vim + ophints ; highlight the region an operation acts on + (popup +defaults) ; tame sudden yet inevitable temporary windows + ;;tabs ; a tab bar for Emacs + treemacs ; a project drawer, like neotree but cooler + unicode ; extended unicode support for various languages + vc-gutter ; vcs diff in the fringe + vi-tilde-fringe ; fringe tildes to mark beyond EOB + ;;window-select ; visually switch windows + workspaces ; tab emulation, persistence & separate workspaces + ;;zen ; distraction-free coding or writing + 
+ :editor + (evil +everywhere); come to the dark side, we have cookies + file-templates ; auto-snippets for empty files + fold ; (nigh) universal code folding + (format +onsave) ; automated prettiness + ;;god ; run Emacs commands without modifier keys + ;;lispy ; vim for lisp, for people who don't like vim + ;;multiple-cursors ; editing in many places at once + ;;objed ; text object editing for the innocent + ;;parinfer ; turn lisp into python, sort of + ;;rotate-text ; cycle region at point between text candidates + snippets ; my elves. They type so I don't have to + ;;word-wrap ; soft wrapping with language-aware indent + + :emacs + dired ; making dired pretty [functional] + electric ; smarter, keyword-based electric-indent + ;;ibuffer ; interactive buffer management + undo ; persistent, smarter undo for your inevitable mistakes + vc ; version-control and Emacs, sitting in a tree + + :term + ;;eshell ; the elisp shell that works everywhere + ;;shell ; simple shell REPL for Emacs + ;;term ; basic terminal emulator for Emacs + ;;vterm ; the best terminal emulation in Emacs + + :checkers + syntax ; tasing you for every semicolon you forget + (spell +flyspell) ; tasing you for misspelling mispelling + ;;grammar ; tasing grammar mistake every you make + + :tools + ;;ansible + ;;biblio ; Writes a PhD for you (citation needed) + ;;debugger ; FIXME stepping through code, to help you add bugs + direnv + ;;docker + ;;editorconfig ; let someone else argue about tabs vs spaces + ;;ein ; tame Jupyter notebooks with emacs + (eval +overlay) ; run code, run (also, repls) + ;;gist ; interacting with github gists + lookup ; navigate your code and its documentation + ;;lsp ; M-x vscode + magit ; a git porcelain for Emacs + ;;make ; run make tasks from Emacs + ;;pass ; password manager for nerds + ;;pdf ; pdf enhancements + ;;prodigy ; FIXME managing external services & code builders + ;;rgb ; creating color strings + ;;taskrunner ; taskrunner for all your projects + ;;terraform ; 
infrastructure as code + ;;tmux ; an API for interacting with tmux + ;;upload ; map local to remote projects via ssh/ftp + + :os + (:if IS-MAC macos) ; improve compatibility with macOS + ;;tty ; improve the terminal Emacs experience + + :lang + ;;agda ; types of types of types of types... + ;;beancount ; mind the GAAP + ;;cc ; C > C++ == 1 + clojure ; java with a lisp + ;;common-lisp ; if you've seen one lisp, you've seen them all + ;;coq ; proofs-as-programs + ;;crystal ; ruby at the speed of c + ;;csharp ; unity, .NET, and mono shenanigans + ;;data ; config/data formats + ;;(dart +flutter) ; paint ui and not much else + ;;dhall + ;;elixir ; erlang done right + elm ; care for a cup of TEA? + emacs-lisp ; drown in parentheses + erlang ; an elegant language for a more civilized age + ;;ess ; emacs speaks statistics + ;;factor + ;;faust ; dsp, but you get to keep your soul + ;;fortran ; in FORTRAN, GOD is REAL (unless declared INTEGER) + ;;fsharp ; ML stands for Microsoft's Language + ;;fstar ; (dependent) types and (monadic) effects and Z3 + ;;gdscript ; the language you waited for + (go +lsp) ; the hipster dialect + (haskell +lsp) ; a language that's lazier than I am + ;;hy ; readability of scheme w/ speed of python + ;;idris ; a language you can depend on + ;;json ; At least it ain't XML + ;;(java +meghanada) ; the poster child for carpal tunnel syndrome + javascript ; all(hope(abandon(ye(who(enter(here)))))) + ;;julia ; a better, faster MATLAB + ;;kotlin ; a better, slicker Java(Script) + latex ; writing papers in Emacs has never been so fun + ;;lean ; for folks with too much to prove + ;;ledger ; be audit you can be + lua ; one-based indices? one-based indices + markdown ; writing docs for people to ignore + ;;nim ; python + lisp at the speed of c + nix ; I hereby declare "nix geht mehr!" 
+ ocaml ; an objective camel + org ; organize your plain life in plain text + ;;php ; perl's insecure younger brother + ;;plantuml ; diagrams for confusing people more + ;;purescript ; javascript, but functional + ;;python ; beautiful is better than ugly + ;;qt ; the 'cutest' gui framework ever + ;;racket ; a DSL for DSLs + ;;raku ; the artist formerly known as perl6 + ;;rest ; Emacs as a REST client + ;;rst ; ReST in peace + ;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"} + ;;rust ; Fe2O3.unwrap().unwrap().unwrap().unwrap() + ;;scala ; java, but good + ;;(scheme +guile) ; a fully conniving family of lisps + sh ; she sells {ba,z,fi}sh shells on the C xor + ;;sml + ;;solidity ; do you need a blockchain? No. + ;;swift ; who asked for emoji variables? + ;;terra ; Earth and Moon in alignment for performance. + web ; the tubes + ;;yaml ; JSON, but readable + zig ; C, but simpler + + :email + (mu4e +org) + ;;notmuch + ;;(wanderlust +gmail) + + :app + ;;calendar + ;;emms + ;;everywhere ; *leave* Emacs!? You must be joking + ;;irc ; how neckbeards socialize + ;;(rss +org) ; emacs as an RSS reader + ;;twitter ; twitter client https://twitter.com/vnought + + :config + ;;literate + (default +bindings +smartparens)) + diff --git a/configs/doom.d/packages.el b/configs/doom.d/packages.el new file mode 100644 index 0000000..cb61e54 --- /dev/null +++ b/configs/doom.d/packages.el @@ -0,0 +1 @@ +(package! acme-theme) diff --git a/configs/manager.nix b/configs/manager.nix index 9009d87..f3a1d79 100644 --- a/configs/manager.nix +++ b/configs/manager.nix @@ -25,6 +25,7 @@ in }; }; + imports = [./tailnet.nix]; config = mkIf config.nixManager.enable { sops.defaultSopsFile = config.xin-secrets.manager; sops.secrets = { diff --git a/configs/neovim.lua b/configs/neovim.lua index 658a36d..f68259a 100644 --- a/configs/neovim.lua +++ b/configs/neovim.lua 
@@ -15,18 +15,18 @@ cmd("hi LineNr none"); cmd("hi Search cterm=none ctermbg=yellow"); require("compe").setup { - enabled = true, - autocomplete = true, - source = { - path = true, - buffer = true, - calc = true, - nvim_lsp = true, - nvim_lua = true, - vsnip = true, - ultisnips = true, - luasnip = true, - }, + enabled = true, + autocomplete = true, + source = { + path = true, + buffer = true, + calc = true, + nvim_lsp = true, + nvim_lua = true, + vsnip = true, + ultisnips = true, + luasnip = true + } } local telescope = require('telescope') @@ -34,30 +34,26 @@ telescope.load_extension('manix') telescope.load_extension('fzf') require("nvim-tree").setup({ - renderer = { - icons = { - webdev_colors = false, - show = { - file = false, - folder = false, - folder_arrow = false, - git = true, - }, - }, - }, + renderer = { + icons = { + webdev_colors = false, + show = { + file = false, + folder = false, + folder_arrow = false, + git = true + } + } + } }) require('obsidian').setup({ - dir = "~/Brain", - daily_notes = { - folder = "Daily", - }, - completion = { - nvim_cmp = false, - } + dir = "~/Brain", + daily_notes = {folder = "Daily"}, + completion = {nvim_cmp = false} }) -require 'nvim-treesitter.configs'.setup({}) +require'nvim-treesitter.configs'.setup({}) require('neogen').setup({}) require('todo-comments').setup {}; @@ -69,15 +65,7 @@ local lspc = require('lspconfig') lspc.elmls.setup {}; lspc.gopls.setup {}; lspc.hls.setup {}; -lspc.lua_ls.setup { - settings = { - Lua = { - diagnostics = { - globals = {'vim'}, - }, - }, - }, -}; +lspc.lua_ls.setup {settings = {Lua = {diagnostics = {globals = {'vim'}}}}}; lspc.nil_ls.setup {}; lspc.perlpls.setup {}; lspc.solargraph.setup {}; 
@@ -86,11 +74,11 @@ lspc.zls.setup {}; o.hlsearch = true; -map('n', '', ':NvimTreeToggle', { noremap = true }) -map('n', '', ':Files', { noremap = true }) -map('n', 'r', ':NvimTreeRefresh', { noremap = true }) -map('n', 'n', ':Neogen', { noremap = true }) -map('n', 's', ':%s/\\s\\+$//e', { noremap = true }) +map('n', '', ':NvimTreeToggle', {noremap = true}) +map('n', '', ':Files', {noremap = true}) +map('n', 'r', ':NvimTreeRefresh', {noremap = true}) +map('n', 'n', ':Neogen', {noremap = true}) +map('n', 's', ':%s/\\s\\+$//e', {noremap = true}) map('n', 'fm', ':Telescope manix', {}) map('n', 'mo', ':MindOpenMain', {}) map('n', 'mp', ':MindOpenProject', {}) @@ -98,10 +86,10 @@ map('n', 'ot', ':ObsidianToday', {}) map('n', 'tb', ':TagbarToggle', {}) map('n', 't', ':TodoQuickFix', {}) -map('n', 'g', ':GitGutterToggle', { noremap = true }) -map('n', '2', ':set list!', { noremap = true }) -map('n', '3', ':set nu!', { noremap = true }) -map('n', '4', ':set paste!', { noremap = true }) +map('n', 'g', ':GitGutterToggle', {noremap = true}) +map('n', '2', ':set list!', {noremap = true}) +map('n', '3', ':set nu!', {noremap = true}) +map('n', '4', ':set paste!', {noremap = true}) local builtin = require('telescope.builtin') vim.keymap.set('n', 'ff', builtin.find_files, {}) 
@@ -116,45 +104,35 @@ vim.keymap.set('n', 'e', vim.diagnostic.open_float) vim.keymap.set('n', '[d', vim.diagnostic.goto_prev) vim.keymap.set('n', ']d', vim.diagnostic.goto_next) vim.keymap.set('n', 'q', vim.diagnostic.setloclist) +vim.keymap.set('n', 'f', ':Neoformat') vim.api.nvim_create_autocmd('LspAttach', { - group = vim.api.nvim_create_augroup('UserLspConfig', {}), - callback = function(ev) - local opts = { buffer = ev.buf } - vim.keymap.set('n', 'K', vim.lsp.buf.hover, opts) - vim.keymap.set('n', 'D', vim.lsp.buf.type_definition, opts) - vim.keymap.set('n', 'rn', vim.lsp.buf.rename, opts) - vim.keymap.set('n', 'gr', vim.lsp.buf.references, opts) - vim.keymap.set('n', 'f', function() - vim.lsp.buf.format { async = true } - end, opts) - end, + group = vim.api.nvim_create_augroup('UserLspConfig', {}), + callback = function(ev) + local opts = {buffer = ev.buf} + vim.keymap.set('n', 'K', vim.lsp.buf.hover, opts) + vim.keymap.set('n', 'D', vim.lsp.buf.type_definition, opts) + vim.keymap.set('n', 'rn', vim.lsp.buf.rename, opts) + vim.keymap.set('n', 'gr', vim.lsp.buf.references, opts) + -- vim.keymap.set('n', 'f', function() + -- vim.lsp.buf.format { async = true } + -- end, opts) + end }) vim.g.tagbar_type_elm = { - ctagstype = 'elm', - kinds = { - 'f:function:0:0', - 'm:modules:0:0', - 'i:imports:1:0', - 't:types:1:0', - 'a:type aliases:0:0', - 'c:type constructors:0:0', - 'p:ports:0:0', - 's:functions:0:0' - } + ctagstype = 'elm', + kinds = { + 'f:function:0:0', 'm:modules:0:0', 'i:imports:1:0', 't:types:1:0', + 'a:type aliases:0:0', 'c:type constructors:0:0', 'p:ports:0:0', + 's:functions:0:0' + } } vim.g.tagbar_type_typescript = { - ctagstype = 'typescript', - kinds = { - 'c:classes', - 'n:modules', - 'f:functions', - 'v:variables', - 'v:varlambdas', - 'm:members', - 'i:interfaces', - 'e:enums' - } + ctagstype = 'typescript', + kinds = { + 'c:classes', 'n:modules', 'f:functions', 'v:variables', 'v:varlambdas', + 'm:members', 'i:interfaces', 'e:enums' + } } 
diff --git a/configs/neovim.nix b/configs/neovim.nix index 27ba125..23c036e 100644 --- a/configs/neovim.nix +++ b/configs/neovim.nix @@ -108,10 +108,12 @@ with pkgs; let }; baseVimPackages = with vimPlugins; [ + ale elm-vim fugitive fzf-vim haskell-vim + neoformat nvim-compe nvim-lspconfig nvim-tree-lua @@ -145,6 +147,7 @@ with pkgs; let else baseVimPackages ++ []; in { environment.systemPackages = with pkgs; [ + alejandra elmPackages.elm elmPackages.elm-format elmPackages.elm-language-server @@ -159,6 +162,7 @@ in { luajitPackages.lua-lsp manix nodejs + nodePackages.prettier nodePackages.typescript-language-server perl perlPackages.PerlCritic diff --git a/configs/tailnet.nix b/configs/tailnet.nix new file mode 100644 index 0000000..5f58766 --- /dev/null +++ b/configs/tailnet.nix 
@@ -0,0 +1,104 @@ +{ + config, + pkgs, + lib, + inputs, + xinlib, + ... +}: let + tailnetACLs = let + acls = { + hosts = { + europa = "100.92.31.80"; + startpage = "100.120.84.116"; + startdev = "100.92.56.119"; + go = "100.117.47.51"; + nbc = "100.122.61.43"; # nix-binary-cache + console = "100.87.112.70"; + box = "100.120.151.126"; + }; + + tagOwners = { + "tag:untrusted" = ["qbit@github"]; + "tag:minservice" = ["qbit@github"]; + "tag:sshonly" = ["qbit@github"]; + "tag:apper" = ["qbit@github"]; + "tag:golink" = ["qbit@github"]; + "tag:lab" = ["qbit@github"]; + }; + + acls = [ + { + action = "accept"; + src = ["tag:untrusted"]; + dst = [ + "europa:22" + "europa:12304" + "startpage:443" + "startdev:443" + "go:80" + "tag:lab:22" + "nbc:443" + ]; + } + { + action = "accept"; + src = ["tag:minservice" "tag:sshonly"]; + dst = ["*:22" "box:3030" "nbc:443" "console:2222"]; + } + { + action = "accept"; + src = ["qbit@github"]; + dst = ["*:*"]; + } + ]; + }; + in + pkgs.writeTextFile { + name = "tailnet-acls.json"; + text = builtins.toJSON acls; + }; + aclUpdateScript = pkgs.writeShellScriptBin "tailnet-acl-updater" '' + set -eu + + . ${config.sops.secrets.po_env.path} + + JQ=${pkgs.jq}/bin/jq + PO=${inputs.po.packages.${pkgs.system}.po}/bin/po + + APIURL="https://api.tailscale.com/api/v2/tailnet/-/acl" + TOKEN="$(cat ${config.sops.secrets.tailnet_acl_manager.path}):" + + ERROR="$(${pkgs.curl}/bin/curl "$APIURL/validate" -u "$TOKEN" -d @${tailnetACLs} | $JQ -r .message)" + + if [ "$ERROR" = "null" ]; then + RESP="$(${pkgs.curl}/bin/curl "$APIURL" -u "$TOKEN" -d @${tailnetACLs} | $JQ -r .message)" + if [ "$RESP" != "null" ]; then + $PO -title "Failed to update TailNet!" 
-body "$RESP" + fi + fi + ''; + jobs = [ + { + name = "update-talenet-acls"; + script = "${aclUpdateScript}/bin/tailnet-acl-updater"; + startAt = "*:30:00"; + path = []; + inherit (config.nixManager) user; + } + ]; + enabled = config.nixManager.enable; +in + with lib; { + sops.secrets = mkIf enabled { + tailnet_acl_manager = { + owner = config.nixManager.user; + sopsFile = config.xin-secrets.manager; + }; + po_env = { + owner = config.nixManager.user; + sopsFile = config.xin-secrets.manager; + }; + }; + systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs)); + } diff --git a/default.nix b/default.nix index 4586fe5..76bb7aa 100644 --- a/default.nix +++ b/default.nix @@ -17,6 +17,7 @@ command="/run/current-system/sw/bin/xin-status",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status ''; gosignify = pkgs.callPackage ./pkgs/gosignify.nix {inherit isUnstable;}; + myOpenSSH = pkgs.callPackage ./pkgs/openssh {}; in { imports = [ ./configs @@ -136,14 +137,14 @@ in { nix = { settings = - if config.networking.hostName != "pwntie" - then { + if config.xinCI.enable + then {} + else { substituters = ["https://nix-binary-cache.humpback-trout.ts.net/"]; trusted-public-keys = [ "nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0=" ]; - } - else {}; + }; }; environment.systemPackages = with pkgs; @@ -161,8 +162,8 @@ in { lz4 minisign mosh + nb nix-diff - nixfmt nix-index nix-top pass @@ -182,7 +183,6 @@ in { time.timeZone = "US/Mountain"; - documentation.enable = true; documentation.man.enable = true; networking.timeServers = options.networking.timeServers.default; 
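Review bot: In `aclUpdateScript` the API key is read into `TOKEN` and passed to curl as `-u "$TOKEN"`, which puts it in the process argument list where other local users may be able to read it while the request runs; feeding it through a curl config on stdin (`-K -`) keeps it out of argv. The script is also silent when validation fails or when curl itself fails: `$PO` is called only if the update response carries a message, so a rejected or unreachable ACL push goes unnoticed, and without `pipefail` a curl error is masked by `jq`. The sketch below keeps the same flow but reports both cases; `''${` is the Nix escape for a literal shell parameter expansion. Separately, the rule granting `tag:minservice` and `tag:sshonly` access to `*:22` reaches SSH on every node, which is worth confirming against what those tags are meant for, and the job name `update-talenet-acls` looks like a typo for `tailnet`.

```nix
    set -euo pipefail
    # … unchanged: po_env source, JQ, PO, APIURL …

    api() {
      # Hand the key to curl as a config entry on stdin so it never appears in argv.
      printf 'user = "%s:"\n' "$(cat ${config.sops.secrets.tailnet_acl_manager.path})" |
        ${pkgs.curl}/bin/curl -sS -K - -d @${tailnetACLs} "$1" | $JQ -r .message
    }

    if ! ERROR="$(api "$APIURL/validate")" || [ "$ERROR" != "null" ]; then
      $PO -title "TailNet ACL validation failed!" -body "''${ERROR:-request failed}"
      exit 1
    fi

    if ! RESP="$(api "$APIURL")" || [ "$RESP" != "null" ]; then
      $PO -title "Failed to update TailNet!" -body "''${RESP:-request failed}"
      exit 1
    fi
```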
@@ -191,6 +191,8 @@ in { zsh.enable = true; gnupg.agent.enable = true; ssh = { + package = myOpenSSH.openssh; + agentPKCS11Whitelist = "${pkgs.opensc}/lib/opensc-pkcs11.so"; knownHosts = { "[namish.humpback-trout.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk"; "[git.tapenet.org]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkbSJWeWJyJjak/boaMTqzPVq91wfJz1P+I4rnBUsPW"; @@ -212,7 +214,7 @@ in { environment.etc."ssh/ca.pub" = {text = caPubKeys;}; - services.logrotate.enable = + services.logrotate.checkConfig = todo "logrotate disabled: https://github.com/NixOS/nix/issues/8502" false; services = { diff --git a/flake.lock b/flake.lock index c7a5f3f..11f6c8d 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1687385522, - "narHash": "sha256-GR8mqsqYcdZ67dCcII5SWcwHqPAJRWXPmqsuMl7+KA4=", + "lastModified": 1692248770, + "narHash": "sha256-tZeFpETKQGbgnaSIO1AGWD27IyTcBm4D+A9d7ulQ4NM=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "bc346a67d34a336ca3c507570875cc88038e6120", + "rev": "511177ffe8226c78c9cf6a92a7b5f2df3684956b", "type": "github" }, "original": { 
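Review bot: The `todo` message on `services.logrotate.checkConfig` still reads "logrotate disabled", but after this change the service is no longer switched off; only the build-time config check is. A reader who sees the todo output would wrongly conclude that logs are not being rotated. Rewording it keeps the reminder accurate: `todo "logrotate checkConfig disabled: https://github.com/NixOS/nix/issues/8502" false;`.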
@@ -20,29 +20,169 @@ "type": "github" } }, + "doom-emacs": { + "flake": false, + "locked": { + "lastModified": 1662497747, + "narHash": "sha256-4n7E1fqda7cn5/F2jTkOnKw1juG6XMS/FI9gqODL3aU=", + "owner": "doomemacs", + "repo": "doomemacs", + "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac", + "type": "github" + }, + "original": { + "owner": "doomemacs", + "repo": "doomemacs", + "rev": "3853dff5e11655e858d0bfae64b70cb12ef685ac", + "type": "github" + } + }, + "doom-snippets": { + "flake": false, + "locked": { + "lastModified": 1676839496, + "narHash": "sha256-1Ay9zi0u1lycmEeFqIxr0RWH+JvH9BnzgRzkPeWEAYY=", + "owner": "doomemacs", + "repo": "snippets", + "rev": "fe4003014ae00b866f117cb193f711fd9d72fd11", + "type": "github" + }, + "original": { + "owner": "doomemacs", + "repo": "snippets", + "type": "github" + } + }, "emacs-overlay": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": [ - "stable" - ] - }, + "flake": false, "locked": { - "lastModified": 1669639095, - "narHash": "sha256-yeP89LGRqMbTuEVII4/2BCMEKgEAbEqOMcwEev2S03U=", + "lastModified": 1676366521, + "narHash": "sha256-i4UAY8t9Au9SJtsgYppa3NHSVf1YkV6yqnNIQd+Km4g=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "d54a1521619daa37c9aa8c9e3362abb34e676007", + "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501", "type": "github" }, "original": { "owner": "nix-community", "repo": "emacs-overlay", - "rev": "d54a1521619daa37c9aa8c9e3362abb34e676007", + "rev": "c16be6de78ea878aedd0292aa5d4a1ee0a5da501", + "type": "github" + } + }, + "emacs-so-long": { + "flake": false, + "locked": { + "lastModified": 1575031854, + "narHash": "sha256-xIa5zO0ZaToDrec1OFjBK6l39AbA4l/CE4LInVu2hi0=", + "owner": "hlissner", + "repo": "emacs-so-long", + "rev": "ed666b0716f60e8988c455804de24b55919e71ca", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "emacs-so-long", + "type": "github" + } + }, + "evil-escape": { + "flake": false, + "locked": { + "lastModified": 1588439096, + "narHash": 
"sha256-aB2Ge5o/93B18tPf4fN1c+O46CNh/nOqwLJbox4c8Gw=", + "owner": "hlissner", + "repo": "evil-escape", + "rev": "819f1ee1cf3f69a1ae920e6004f2c0baeebbe077", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "evil-escape", + "type": "github" + } + }, + "evil-markdown": { + "flake": false, + "locked": { + "lastModified": 1626852210, + "narHash": "sha256-HBBuZ1VWIn6kwK5CtGIvHM1+9eiNiKPH0GUsyvpUVN8=", + "owner": "Somelauw", + "repo": "evil-markdown", + "rev": "8e6cc68af83914b2fa9fd3a3b8472573dbcef477", + "type": "github" + }, + "original": { + "owner": "Somelauw", + "repo": "evil-markdown", + "type": "github" + } + }, + "evil-org-mode": { + "flake": false, + "locked": { + "lastModified": 1607203864, + "narHash": "sha256-JxwqVYDN6OIJEH15MVI6XOZAPtUWUhJQWHyzcrUvrFg=", + "owner": "hlissner", + "repo": "evil-org-mode", + "rev": "a9706da260c45b98601bcd72b1d2c0a24a017700", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "evil-org-mode", + "type": "github" + } + }, + "evil-quick-diff": { + "flake": false, + "locked": { + "lastModified": 1575189609, + "narHash": "sha256-oGzl1ayW9rIuq0haoiFS7RZsS8NFMdEA7K1BSozgnJU=", + "owner": "rgrinberg", + "repo": "evil-quick-diff", + "rev": "69c883720b30a892c63bc89f49d4f0e8b8028908", + "type": "github" + }, + "original": { + "owner": "rgrinberg", + "repo": "evil-quick-diff", + "type": "github" + } + }, + "explain-pause-mode": { + "flake": false, + "locked": { + "lastModified": 1595842060, + "narHash": "sha256-++znrjiDSx+cy4okFBBXUBkRFdtnE2x+trkmqjB3Njs=", + "owner": "lastquestion", + "repo": "explain-pause-mode", + "rev": "2356c8c3639cbeeb9751744dbe737267849b4b51", + "type": "github" + }, + "original": { + "owner": "lastquestion", + "repo": "explain-pause-mode", "type": "github" } }, "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": 
"35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { "flake": false, "locked": { "lastModified": 1627913399, @@ -63,11 +203,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1687171271, - "narHash": "sha256-BJlq+ozK2B1sJDQXS3tzJM5a+oVZmi1q0FlBK/Xqv7M=", + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "owner": "numtide", "repo": "flake-utils", - "rev": "abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", "type": "github" }, "original": { @@ -91,6 +231,23 @@ "type": "github" } }, + "format-all": { + "flake": false, + "locked": { + "lastModified": 1581716637, + "narHash": "sha256-ul7LCe60W8TIvUmUtZtZRo8489TK9iTPDsLHmzxY57M=", + "owner": "lassik", + "repo": "emacs-format-all-the-code", + "rev": "47d862d40a088ca089c92cd393c6dca4628f87d3", + "type": "github" + }, + "original": { + "owner": "lassik", + "repo": "emacs-format-all-the-code", + "rev": "47d862d40a088ca089c92cd393c6dca4628f87d3", + "type": "github" + } + }, "gostart": { "inputs": { "nixpkgs": [ @@ -98,11 +255,11 @@ ] }, "locked": { - "lastModified": 1686584905, - "narHash": "sha256-1Dd1bcp934Bx3Jjl1yg4sSuAhBUHrJz5jVEDxA5GDu8=", + "lastModified": 1690546436, + "narHash": "sha256-6B4i87l+dtGesLvRHuwGEBM8QbQC88iSA+TOB4dQNbs=", "owner": "qbit", "repo": "gostart", - "rev": "a4f6edb9f49f2ebb9225da0d54128da0fa2ec45a", + "rev": "a216e85942325efd61febf8641811ae2c0bd9f2f", "type": "github" }, "original": { 
@@ -147,13 +304,71 @@ "type": "github" } }, + "nix-doom-emacs": { + "inputs": { + "doom-emacs": "doom-emacs", + "doom-snippets": "doom-snippets", + "emacs-overlay": "emacs-overlay", + "emacs-so-long": "emacs-so-long", + "evil-escape": "evil-escape", + "evil-markdown": "evil-markdown", + "evil-org-mode": "evil-org-mode", + "evil-quick-diff": "evil-quick-diff", + "explain-pause-mode": "explain-pause-mode", + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "format-all": "format-all", + "nix-straight": "nix-straight", + "nixpkgs": "nixpkgs", + "nose": "nose", + "ob-racket": "ob-racket", + "org": "org", + "org-contrib": "org-contrib", + "org-yt": "org-yt", + "php-extras": "php-extras", + "revealjs": "revealjs", + "rotate-text": "rotate-text", + "sln-mode": "sln-mode", + "ts-fold": "ts-fold", + "ws-butler": "ws-butler" + }, + "locked": { + "lastModified": 1689075996, + "narHash": "sha256-NwBzz2CHNtT0oDqAGewByQ5OFnAWf+ewHUrK0F44xZk=", + "owner": "nix-community", + "repo": "nix-doom-emacs", + "rev": "9a5b34d9ba30842eb8f0d7deb08bf03a75930471", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-doom-emacs", + "type": "github" + } + }, + "nix-straight": { + "flake": false, + "locked": { + "lastModified": 1666982610, + "narHash": "sha256-xjgIrmUsekVTE+MpZb5DMU8DQf9DJ/ZiR0o30L9/XCc=", + "owner": "nix-community", + "repo": "nix-straight.el", + "rev": "ad10364d64f472c904115fd38d194efe1c3f1226", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-straight.el", + "type": "github" + } + }, "nixos-hardware": { "locked": { - "lastModified": 1686838567, - "narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=", + "lastModified": 1692952286, + "narHash": "sha256-TsrtPv3+Q1KR0avZxpiJH+b6fX/R/hEQVHbjl1ebotY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89", + "rev": "817e297fc3352fadc15f2c5306909aa9192d7d97", "type": "github" }, "original": { 
@@ -163,9 +378,104 @@ "type": "github" } }, + "nixpkgs": { + "locked": { + "lastModified": 1682566018, + "narHash": "sha256-HPzPRFiy2o/7k7mtnwfM1E6NVZHiFbPdmYCMoIpkHO4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8e3b64db39f2aaa14b35ee5376bd6a2e707cadc2", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixpkgs-unstable", + "type": "indirect" + } + }, + "nose": { + "flake": false, + "locked": { + "lastModified": 1400604510, + "narHash": "sha256-daEi8Kta1oGaDEmUUDDQMahTTPOpvNpDKk22rlr7cB0=", + "owner": "emacsattic", + "repo": "nose", + "rev": "f8528297519eba911696c4e68fa88892de9a7b72", + "type": "github" + }, + "original": { + "owner": "emacsattic", + "repo": "nose", + "type": "github" + } + }, + "ob-racket": { + "flake": false, + "locked": { + "lastModified": 1584656173, + "narHash": "sha256-rBUYDDCXb+3D4xTPQo9UocbTPZ32kWV1Uya/1DmZknU=", + "owner": "xchrishawk", + "repo": "ob-racket", + "rev": "83457ec9e1e96a29fd2086ed19432b9d75787673", + "type": "github" + }, + "original": { + "owner": "xchrishawk", + "repo": "ob-racket", + "type": "github" + } + }, + "org": { + "flake": false, + "locked": { + "lastModified": 1683136293, + "narHash": "sha256-PMHNr3Qo62uqO5IUDAfxUoqa4Zvb9y2J76pRYDB/6Y4=", + "owner": "emacs-straight", + "repo": "org-mode", + "rev": "080710797ad25e76c4556d2b03cc0aa5313cd187", + "type": "github" + }, + "original": { + "owner": "emacs-straight", + "repo": "org-mode", + "type": "github" + } + }, + "org-contrib": { + "flake": false, + "locked": { + "lastModified": 1675694242, + "narHash": "sha256-4Fn33CTVTCqh5TyVAggSr8Fm8/hB8Xgl+hkxh3WCrI8=", + "owner": "emacsmirror", + "repo": "org-contrib", + "rev": "fff6c888065588527b1c1d7dd7e41c29ef767e17", + "type": "github" + }, + "original": { + "owner": "emacsmirror", + "repo": "org-contrib", + "type": "github" + } + }, + "org-yt": { + "flake": false, + "locked": { + "lastModified": 1527381913, + "narHash": "sha256-dzQ6B7ryzatHCTLyEnRSbWO0VUiX/FHYnpHTs74aVUs=", + "owner": 
"TobiasZawada", + "repo": "org-yt", + "rev": "40cc1ac76d741055cbefa13860d9f070a7ade001", + "type": "github" + }, + "original": { + "owner": "TobiasZawada", + "repo": "org-yt", + "type": "github" + } + }, "peerix": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "flake-utils": "flake-utils_2", "nixpkgs": [ "stable" @@ -185,6 +495,22 @@ "type": "github" } }, + "php-extras": { + "flake": false, + "locked": { + "lastModified": 1573312690, + "narHash": "sha256-r4WyVbzvT0ra4Z6JywNBOw5RxOEYd6Qe2IpebHXkj1U=", + "owner": "arnested", + "repo": "php-extras", + "rev": "d410c5af663c30c01d461ac476d1cbfbacb49367", + "type": "github" + }, + "original": { + "owner": "arnested", + "repo": "php-extras", + "type": "github" + } + }, "po": { "inputs": { "nixpkgs": [ @@ -245,13 +571,29 @@ "type": "github" } }, + "revealjs": { + "flake": false, + "locked": { + "lastModified": 1681386605, + "narHash": "sha256-9Q7aWgjAV37iJp6oYDz45e8J+RKwKY1Uvgg/BXwf5nQ=", + "owner": "hakimel", + "repo": "reveal.js", + "rev": "0301ce58ab185f7191696e16b1b6389f58df2892", + "type": "github" + }, + "original": { + "owner": "hakimel", + "repo": "reveal.js", + "type": "github" + } + }, "root": { "inputs": { "darwin": "darwin", - "emacs-overlay": "emacs-overlay", "gostart": "gostart", "gqrss": "gqrss", "microca": "microca", + "nix-doom-emacs": "nix-doom-emacs", "nixos-hardware": "nixos-hardware", "peerix": "peerix", "po": "po", @@ -259,7 +601,6 @@ "pr-status": "pr-status", "sops-nix": "sops-nix", "stable": "stable", - "talon": "talon", "taskobs": "taskobs", "tsRevProx": "tsRevProx", "tsvnstat": "tsvnstat", 
@@ -269,6 +610,38 @@ "xintray": "xintray" } }, + "rotate-text": { + "flake": false, + "locked": { + "lastModified": 1322962747, + "narHash": "sha256-SOeOgSlcEIsKhUiYDJv0p+mLUb420s9E2BmvZQvZ0wk=", + "owner": "debug-ito", + "repo": "rotate-text.el", + "rev": "48f193697db996855aee1ad2bc99b38c6646fe76", + "type": "github" + }, + "original": { + "owner": "debug-ito", + "repo": "rotate-text.el", + "type": "github" + } + }, + "sln-mode": { + "flake": false, + "locked": { + "lastModified": 1423727528, + "narHash": "sha256-XqkqPyEJuTtFslOz1fpTf/Klbd/zA7IGpzpmum/MGao=", + "owner": "sensorflo", + "repo": "sln-mode", + "rev": "0f91d1b957c7d2a7bab9278ec57b54d57f1dbd9c", + "type": "github" + }, + "original": { + "owner": "sensorflo", + "repo": "sln-mode", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ @@ -279,11 +652,11 @@ ] }, "locked": { - "lastModified": 1687398569, - "narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=", + "lastModified": 1693404499, + "narHash": "sha256-cx/7yvM/AP+o/3wPJmA9W9F+WHemJk5t+Xcr+Qwkqhg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2ff6973350682f8d16371f8c071a304b8067f192", + "rev": "d9c5dc41c4b1f74c77f0dbffd0f3a4ebde447b7a", "type": "github" }, "original": { @@ -294,11 +667,11 @@ }, "stable": { "locked": { - "lastModified": 1687354544, - "narHash": "sha256-1Xu+QzyA10AiY21i27Zu9bqQAaxXBacNKbGUA9OZy7Y=", + "lastModified": 1693428224, + "narHash": "sha256-FWUUlhYqkGEySUD0blTADRiDQ7fw+H1ikivfu88uy+w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "876181e3ae452cc6186486f6f7300a8a6de237cb", + "rev": "841889913dfd06a70ffb39f603e29e46f45f0c1a", "type": "github" }, "original": { 
@@ -339,27 +712,6 @@ "type": "github" } }, - "talon": { - "inputs": { - "nixpkgs": [ - "unstable" - ], - "utils": "utils" - }, - "locked": { - "lastModified": 1674481533, - "narHash": "sha256-aMrexhFzVJKFB2PKUjjJiJCCNDTyCWFDHlhjFNAuHFg=", - "owner": "qbit", - "repo": "talon-nix", - "rev": "52b4568e186691624db941517418e165b6ff0e9f", - "type": "github" - }, - "original": { - "owner": "qbit", - "repo": "talon-nix", - "type": "github" - } - }, "taskobs": { "inputs": { "nixpkgs": [ @@ -380,6 +732,22 @@ "type": "github" } }, + "ts-fold": { + "flake": false, + "locked": { + "lastModified": 1681029086, + "narHash": "sha256-z3eVkAPFI6JYZZ+2XM496zBxwnujTp4Y4KNNfqgUC/E=", + "owner": "jcs-elpa", + "repo": "ts-fold", + "rev": "5fd2a5afe2112ac23b58ee1b12730fcf16068df3", + "type": "github" + }, + "original": { + "owner": "jcs-elpa", + "repo": "ts-fold", + "type": "github" + } + }, "tsRevProx": { "inputs": { "nixpkgs": [ @@ -387,11 +755,11 @@ ] }, "locked": { - "lastModified": 1683583841, - "narHash": "sha256-5r2TP7cuEyy/XgSQhfaqLjbgiIbXtlNp9P9OvPjzvTk=", + "lastModified": 1690485919, + "narHash": "sha256-7DxtcPq/QPsdwqUg91vs1mMu21mYn1HCamUkOD0ug2M=", "owner": "qbit", "repo": "ts-reverse-proxy", - "rev": "36749e9fbe0f4c04163f9924f8e8be01d0442745", + "rev": "1b7eac645a0c56effc8d637019161febd0015d08", "type": "github" }, "original": { @@ -422,11 +790,11 @@ }, "unstable": { "locked": { - "lastModified": 1687411311, - "narHash": "sha256-JcRFavmdTl6VE52xGREv+qZ8jXNVxZ05Ny93R7a2hb0=", + "lastModified": 1693537891, + "narHash": "sha256-djrWi+Qkj033Py+pWZZriUcWKFtfQJcrO0JZXiFXUTk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5da1a523cbe09f2f7e0f85605f6a54f372469bd0", + "rev": "9d33ec806554aa74a6415a9e1e3b5b78e0af26d1", "type": "github" }, "original": { 
@@ -437,11 +805,11 @@ }, "unstableSmall": { "locked": { - "lastModified": 1687369486, - "narHash": "sha256-BFXrDo7yuLamfbi53voC2TrHHTKEr/LJ0P+qSP51xkg=", + "lastModified": 1693481239, + "narHash": "sha256-HNEeTL3b0aiwbJh/hFKUMOqRg34e5r+t1X3dFMFUVR4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8b0f22dc5155e8a6d329520c27751dfb0f821d63", + "rev": "72845c89285ca57c1d2bbc33018aca7455cd9c25", "type": "github" }, "original": { @@ -451,18 +819,19 @@ "type": "github" } }, - "utils": { + "ws-butler": { + "flake": false, "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "lastModified": 1634511126, + "narHash": "sha256-c0y0ZPtxxICPk+eaNbbQf6t+FRCliNY54CCz9QHQ8ZI=", + "owner": "hlissner", + "repo": "ws-butler", + "rev": "572a10c11b6cb88293de48acbb59a059d36f9ba5", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "hlissner", + "repo": "ws-butler", "type": "github" } }, @@ -474,11 +843,11 @@ "stable": "stable_2" }, "locked": { - "lastModified": 1686765987, - "narHash": "sha256-dwT4w+dFG5ovM9ip32fj54I8Bq427SQZ91X/wJ3mhXU=", + "lastModified": 1691077496, + "narHash": "sha256-Ue8ldvIt2gU51MuWAMwcZIME5htEBeG5NDTo/QWw7Qw=", "ref": "main", - "rev": "4019a419bd9ab0e927d44cb4ff4b84654de90712", - "revCount": 100, + "rev": "10a766cc56235210091913414019d98a9fc6b987", + "revCount": 104, "type": "git", "url": "ssh://xin-secrets-ro/qbit/xin-secrets.git" }, @@ -495,11 +864,11 @@ ] }, "locked": { - "lastModified": 1686054616, - "narHash": "sha256-nBvQL3pSFZTBM0kM+/HVNFNbsa/It+OzQSlgKdIkgAY=", + "lastModified": 1688047611, + "narHash": "sha256-pHbxJwZGQjPwpA2gfeUGy9hHu3Dx/J6ZT4DkV2v1RT4=", "owner": "qbit", "repo": "xintray", - "rev": "04dfd6b23e165c2e5495eeaf2b5ba2818a683bb2", + "rev": "dff83a5e9b8b84d0f4d29f6e5704dee21b165c75", "type": "github" }, "original": { 
diff --git a/flake.nix b/flake.nix index 2d28753..522dc05 100644 --- a/flake.nix +++ b/flake.nix @@ -21,10 +21,11 @@ nixos-hardware = {url = "github:NixOS/nixos-hardware/master";}; - emacs-overlay = { - url = "github:nix-community/emacs-overlay/d54a1521619daa37c9aa8c9e3362abb34e676007"; - inputs.nixpkgs.follows = "stable"; - }; + #emacs-overlay = { + # url = "github:nix-community/emacs-overlay/d54a1521619daa37c9aa8c9e3362abb34e676007"; + # inputs.nixpkgs.follows = "stable"; + #}; + nix-doom-emacs.url = "github:nix-community/nix-doom-emacs"; darwin = { url = "github:lnl7/nix-darwin"; @@ -77,11 +78,6 @@ url = "github:cid-chan/peerix"; inputs.nixpkgs.follows = "stable"; }; - - talon = { - url = "github:qbit/talon-nix"; - inputs.nixpkgs.follows = "unstable"; - }; }; outputs = { @@ -94,7 +90,6 @@ pots, pr-status, stable, - talon, tsRevProx, tsvnstat, unstable, @@ -133,13 +128,12 @@ }; overlays = [ - inputs.emacs-overlay.overlay + #inputs.emacs-overlay.overlay inputs.gostart.overlay inputs.microca.overlay inputs.peerix.overlay inputs.pots.overlay inputs.pr-status.overlay - inputs.talon.overlays.default inputs.taskobs.overlay inputs.tsRevProx.overlay ]; @@ -201,8 +195,8 @@ [] ++ stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays; }; - formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.nixfmt; - formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.nixfmt; + formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.alejandra; + formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.alejandra; devShells.x86_64-linux.default = xinlib.buildShell lpkgs; devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs; @@ -210,7 +204,6 @@ nixosConfigurations = { europa = buildSys "x86_64-linux" unstable [ nixos-hardware.nixosModules.framework - talon.nixosModules.talon ] "europa"; pwntie = buildSys "x86_64-linux" stable [] "pwntie"; stan = buildSys "x86_64-linux" unstable [] "stan"; 
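Review bot: The new `nix-doom-emacs.url = "github:nix-community/nix-doom-emacs";` input in the `@@ -21,10 +21,11 @@` hunk has no `inputs.nixpkgs.follows`, unlike the `emacs-overlay` input it replaces and the other inputs visible in this file. The flake.lock part of this commit accordingly gains a separate indirect `nixpkgs` node (`nixpkgs-unstable`, locked at rev `8e3b64db39f2aaa14b35ee5376bd6a2e707cadc2`) plus about two dozen extra locked inputs, so the editor is presumably built from a package set that does not move with `stable` or `unstable`. If the upstream flake builds against it, consider `nix-doom-emacs = { url = "github:nix-community/nix-doom-emacs"; inputs.nixpkgs.follows = "unstable"; };`. The commented-out `emacs-overlay` block and `#inputs.emacs-overlay.overlay` would be cleaner deleted, since git history keeps them.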
@@ -262,6 +255,8 @@ spkgs.callPackage ./pkgs/ada_language_server.nix {inherit spkgs;}; alire = spkgs.callPackage ./pkgs/alire.nix {inherit spkgs;}; bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix {inherit spkgs;}; + rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix {inherit spkgs;}; + clilol = spkgs.callPackage ./pkgs/clilol.nix {inherit spkgs;}; gqrss = spkgs.callPackage ./pkgs/gqrss.nix { inherit spkgs; isUnstable = true; @@ -272,11 +267,14 @@ isUnstable = true; }; femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix {}; + fyne = upkgs.callPackage ./pkgs/fyne.nix {inherit upkgs;}; flake-warn = spkgs.callPackage ./pkgs/flake-warn.nix {inherit spkgs;}; - kurinto = spkgs.callPackage ./pkgs/kurinto.nix {}; + #kurinto = spkgs.callPackage ./pkgs/kurinto.nix {}; mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix {inherit spkgs;}; yaegi = spkgs.callPackage ./pkgs/yaegi.nix {inherit spkgs;}; + gen-patches = + spkgs.callPackage ./bins/gen-patches.nix {inherit spkgs;}; yarr = spkgs.callPackage ./pkgs/yarr.nix { inherit spkgs; isUnstable = true; @@ -284,6 +282,9 @@ precursorupdater = spkgs.python3Packages.callPackage ./pkgs/precursorupdater.nix { inherit spkgs; }; + rtlamr2mqtt = spkgs.python3Packages.callPackage ./pkgs/rtlamr2mqtt.nix { + inherit spkgs; + }; kobuddy = upkgs.python3Packages.callPackage ./pkgs/kobuddy.nix { inherit upkgs; }; @@ -302,11 +303,11 @@ gosignify = spkgs.callPackage ./pkgs/gosignify.nix {inherit spkgs;}; gotosocial = spkgs.callPackage ./pkgs/gotosocial.nix {inherit spkgs;}; - govulncheck = - upkgs.callPackage ./pkgs/govulncheck.nix {inherit upkgs;}; zutty = upkgs.callPackage ./pkgs/zutty.nix { inherit upkgs; - isUnstable = true; + }; + mvoice = upkgs.callPackage ./pkgs/mvoice.nix { + inherit upkgs; }; inherit (xintray.packages.${system}) xintray; inherit (tsvnstat.packages.${system}) tsvnstat; diff --git a/gui/arcan.nix b/gui/arcan.nix index aa7ba40..46c994d 100644 --- a/gui/arcan.nix +++ b/gui/arcan.nix 
@@ -3,15 +3,13 @@ lib, pkgs, ... -}: let - myArcan = pkgs.arcanPackages or pkgs.arcan; -in - with lib; { - options = { - arcan = {enable = mkEnableOption "Enable Arcan/Durden desktop.";}; - }; +}: +with lib; { + options = { + arcan = {enable = mkEnableOption "Enable Arcan/Durden desktop.";}; + }; - config = mkIf config.arcan.enable { - environment.systemPackages = with pkgs; [myArcan.all-wrapped]; - }; - } + config = mkIf config.arcan.enable { + environment.systemPackages = with pkgs; [arcanPackages.all-wrapped]; + }; +} diff --git a/gui/default.nix b/gui/default.nix index 957e8fa..5b61449 100644 --- a/gui/default.nix +++ b/gui/default.nix @@ -62,21 +62,24 @@ in pcscd.enable = true; }; + documentation.enable = true; + # TODO: TEMP FIX systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = lib.mkForce ["" "${pkgs.networkmanager}/bin/nm-online -q"]; fonts.fonts = with pkgs; [ go-font - (callPackage ../pkgs/kurinto.nix {}) + #(callPackage ../pkgs/kurinto.nix {}) ]; sound.enable = true; environment.systemPackages = with pkgs; (xinlib.filterList [ arcanPackages.all-wrapped bc black - brave drawterm + exiftool go-font + govulncheck hpi pcsctools promnesia @@ -85,7 +88,6 @@ in vlc zeal - (callPackage ../pkgs/govulncheck.nix {}) (callPackage ../configs/helix.nix {}) ]); diff --git a/hosts/box/default.nix b/hosts/box/default.nix index 5e3d33d..219671f 100644 --- a/hosts/box/default.nix +++ b/hosts/box/default.nix @@ -30,7 +30,7 @@ proxy_set_header Connection ""; proxy_http_version 1.1; - proxy_pass http://ftp.usa.openbsd.org; + proxy_pass http://cdn.openbsd.org; ''; }; 
@@ -46,10 +46,21 @@ }; in { _module.args.isUnstable = false; - imports = [./hardware-configuration.nix]; + imports = [ + ./hardware-configuration.nix + "${inputs.unstable}/nixos/modules/services/home-automation/home-assistant.nix" + ]; sops.secrets = { - photoprism_admin_password = {sopsFile = config.xin-secrets.box.services;}; + #nextcloud_db_pass = { + # owner = config.users.users.nextcloud.name; + # sopsFile = config.xin-secrets.box.services; + #}; + #nextcloud_admin_pass = { + # owner = config.users.users.nextcloud.name; + # sopsFile = config.xin-secrets.box.services; + #}; + #photoprism_admin_password = {sopsFile = config.xin-secrets.box.services;}; gitea_db_pass = { owner = config.users.users.gitea.name; sopsFile = config.xin-secrets.box.services; @@ -80,6 +91,10 @@ in { sops.secrets.bw_key = mkNginxSecret; sops.secrets.invidious_cert = mkNginxSecret; sops.secrets.invidious_key = mkNginxSecret; + sops.secrets.readarr_cert = mkNginxSecret; + sops.secrets.readarr_key = mkNginxSecret; + sops.secrets.home_cert = mkNginxSecret; + sops.secrets.home_key = mkNginxSecret; boot.supportedFilesystems = ["zfs"]; boot.loader.grub.copyKernels = true; @@ -97,6 +112,7 @@ in { hosts = { "127.0.0.1" = ["git.tapenet.org"]; + "10.6.0.15" = ["jelly.bold.daemon"]; "100.122.61.43" = ["nix-binary-cache.humpback-trout.ts.net"]; }; interfaces.enp7s0 = {useDHCP = true;}; @@ -114,7 +130,17 @@ in { }; allowedTCPPorts = config.services.openssh.ports - ++ [80 443 config.services.gitea.settings.server.SSH_PORT]; + ++ [ + 80 + 443 + config.services.gitea.settings.server.SSH_PORT + 21063 #homekit + 21064 #homekit + 1883 # mosquitto + ]; + allowedUDPPorts = [ + 5353 #homekit + ]; allowedUDPPortRanges = [ { from = 60000; 
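Review bot: Port `1883 # mosquitto` is added to `allowedTCPPorts` in the `@@ -114,7 +130,17 @@` hunk while the mosquitto listener added later in this file (the `@@ -163,64 +200,174 @@` hunk) sets `omitPasswordAuth = true`, `settings.allow_anonymous = true` and `acl = ["pattern readwrite #"]`. Taken together, any host that can reach this port can publish and subscribe on every topic, including the ones Home Assistant consumes through the `mqtt` component. Consider defining per-client entries under the listener's `users` with a `passwordFile` from sops and a topic-scoped ACL, or limiting the listener with `address` or an interface-specific firewall rule, so only the intended publisher can connect. The enclosing firewall block starts outside the hunk, so whether these ports apply to all interfaces cannot be confirmed from here.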
@@ -144,16 +170,27 @@ in { }; }; - nixpkgs.config.allowUnfree = true; + nixpkgs = { + config.allowUnfree = true; + overlays = [ + (_: _: { + inherit (inputs.unstable.legacyPackages.${pkgs.system}) home-assistant; + }) + ]; + }; + + disabledModules = [ + "services/home-automation/home-assistant.nix" + ]; environment.systemPackages = with pkgs; [ - nixfmt tmux mosh apg git signify glowing-bear + rtl_433 (callPackage ../../pkgs/athens.nix {inherit isUnstable;}) ]; 
@@ -163,64 +200,174 @@ in { defaults.email = "aaron@bolddaemon.com"; }; - # for photoprism - #users.groups.photoprism = { - # name = "photoprism"; - # gid = 986; - #}; - #users.users.photoprism = { - # uid = 991; - # name = "photoprism"; - # isSystemUser = true; - # hashedPassword = null; - # group = "photoprism"; - # shell = "/bin/sh"; - # openssh.authorizedKeys.keys = pubKeys; - #}; - - #virtualisation.podman = { - # enable = false; - # #dockerCompat = true; - #}; - #virtualisation.oci-containers.backend = "podman"; - #virtualisation.oci-containers.containers = { - # #kativa = { - # # autoStart = true; - # # ports = [ "127.0.0.1:5000:5000" ]; - # # image = "kizaing/kavita:0.5.2"; - # # volumes = [ "/media/books:/books" "/media/books/config:/kativa/config" ]; - # #}; - # photoprism = { - # #user = "${toString config.users.users.photoprism.name}:${toString config.users.groups.photoprism.name}"; - # autoStart = true; - # ports = [ "127.0.0.1:2343:2343" ]; - # image = "photoprism/photoprism:${photoPrismTag}"; - # workdir = "/photoprism"; - # volumes = [ - # "/media/pictures/photoprism/storage:/photoprism/storage" - # "/media/pictures/photoprism/originals:/photoprism/originals" - # "/media/pictures/photoprism/import:/photoprism/import" - # ]; - # environment = { - # PHOTOPRISM_HTTP_PORT = "2343"; - # PHOTOPRISM_UPLOAD_NSFW = "true"; - # PHOTOPRISM_DETECT_NSFW = "false"; - # PHOTOPRISM_UID = "${toString config.users.users.photoprism.uid}"; - # PHOTOPRISM_GID = "${toString config.users.groups.photoprism.gid}"; - # #PHOTOPRISM_SITE_URL = "https://photos.tapenet.org/"; - # PHOTOPRISM_SITE_URL = "https://box.humpback-trout.ts.net/photos"; - # PHOTOPRISM_SETTINGS_HIDDEN = "false"; - # PHOTOPRISM_DATABASE_DRIVER = "sqlite"; - # }; - # }; - #}; - users.groups.media = { name = "media"; - members = ["qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones"]; + members = ["qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr"]; }; + 
users.groups.photos = { + name = "photos"; + members = ["qbit"]; + }; + + users.groups.photoprism = { + name = "photoprism"; + gid = 986; + }; + users.users.photoprism = { + uid = 991; + name = "photoprism"; + isSystemUser = true; + hashedPassword = null; + group = "photoprism"; + shell = "/bin/sh"; + openssh.authorizedKeys.keys = pubKeys; + }; + + systemd.services.photoprism = { + serviceConfig = { + WorkingDirectory = lib.mkForce "/media/pictures/photoprism"; + }; + preStart = lib.mkForce ""; + }; + + hardware.rtl-sdr.enable = true; + services = { + mosquitto = { + enable = true; + listeners = [ + { + acl = ["pattern readwrite #"]; + omitPasswordAuth = true; + settings.allow_anonymous = true; + } + ]; + }; + + avahi = { + enable = true; + openFirewall = true; + }; + home-assistant = { + enable = true; + extraPackages = python3Packages: + with python3Packages; [ + pyipp + pymetno + ]; + extraComponents = [ + "airthings" + "airthings_ble" + "airvisual" + "airvisual_pro" + "apple_tv" + #"aprs" + "brother" + "esphome" + "ffmpeg" + "homekit" + "homekit_controller" + "icloud" + "jellyfin" + "logger" + "met" + "mqtt" + "nextdns" + "openevse" + "prometheus" + "pushover" + "rest" + "snmp" + "zeroconf" + ]; + config = { + mqtt.sensor = [ + ]; + logger = { + default = "warning"; + logs = { + #"homeassistant.components.aprs" = "debug"; + }; + }; + "automation manual" = [ + ]; + "automation ui" = "!include automations.yaml"; + rest = [ + { + resource = "http://127.0.0.1:9001/api/v1/query?query=rtl_433_temperature_celsius"; + sensor = { + name = "rtl_433_temperature_celsius"; + value_template = "{{value_json.data.result[0].value[1]}}"; + }; + } + { + resource = "http://127.0.0.1:9001/api/v1/query?query=wstation_temp_c"; + sensor = { + name = "wstation_garage_temp_c"; + value_template = "{{value_json.data.result[0].value[1]}}"; + }; + } + ]; + device_tracker = [ + ]; + default_config = {}; + http = { + use_x_forwarded_for = true; + server_host = "127.0.0.1"; + trusted_proxies = 
"127.0.0.1"; + }; + homeassistant = { + name = "Home"; + time_zone = "America/Denver"; + temperature_unit = "C"; + unit_system = "metric"; + longitude = -104.72; + latitude = 38.35; + }; + }; + }; + #photoprism = { + # enable = true; + # port = 2343; + # storagePath = "/media/pictures/photoprism/storage"; + # originalsPath = "/media/pictures/photoprism/originals"; + # importPath = "/media/pictures/photoprism/import"; + # settings = { + # PHOTOPRISM_UPLOAD_NSFW = "true"; + # PHOTOPRISM_DETECT_NSFW = "false"; + # PHOTOPRISM_SITE_URL = "https://box.humpback-trout.ts.net/photos"; + # PHOTOPRISM_SETTINGS_HIDDEN = "false"; + # PHOTOPRISM_DATABASE_DRIVER = "sqlite"; + # }; + #}; + #nextcloud = { + # enable = true; + # enableBrokenCiphersForSSE = false; + # hostName = "box.humpback-trout.ts.net"; + # home = "/media/nextcloud"; + # https = true; + + # package = pkgs.nextcloud27; + # extraApps = with config.services.nextcloud.package.packages.apps; { + # inherit bookmarks calendar contacts notes tasks twofactor_webauthn; + # }; + + # extraAppsEnable = true; + + # config = { + # overwriteProtocol = "https"; + + # dbtype = "pgsql"; + # dbuser = "nextcloud"; + # dbhost = "/run/postgresql"; + # dbname = "nextcloud"; + # dbpassFile = "${config.sops.secrets.nextcloud_db_pass.path}"; + + # adminpassFile = "${config.sops.secrets.nextcloud_admin_pass.path}"; + # adminuser = "admin"; + # }; + #}; invidious = { enable = true; settings = { @@ -255,6 +402,19 @@ in { tor.enable = true; + transmission = { + enable = true; + group = "media"; + downloadDirPermissions = "770"; + settings = { + download-dir = "/media/downloads/torrents"; + }; + }; + readarr = { + enable = true; + dataDir = "/media/books"; + group = "media"; + }; sonarr.enable = true; radarr.enable = true; lidarr.enable = true; @@ -288,6 +448,7 @@ in { calibre-web = { enable = true; + group = "media"; options = {enableBookUploading = true;}; listen.port = 8909; listen.ip = "127.0.0.1"; 
@@ -446,9 +607,33 @@ in { }; nginx = {enable = true;}; + + rtl_433 = { + enable = true; + group = "plugdev"; + ids = [ + { + id = 55; + name = "LaCrosse-TX141Bv3"; + location = "Kitchen"; + } + ]; + }; }; scrapeConfigs = [ + { + job_name = "rtl_433"; + static_configs = [ + { + targets = [ + "127.0.0.1:${ + toString config.services.prometheus.exporters.rtl_433.port + }" + ]; + } + ]; + } { job_name = "box"; static_configs = [ @@ -483,11 +668,7 @@ in { } { job_name = "namish"; - static_configs = [{targets = ["10.6.0.2:9100"];}]; - } - { - job_name = "router"; - static_configs = [{targets = ["10.6.0.1:9100"];}]; + static_configs = [{targets = ["10.200.0.100:9100"];}]; } { job_name = "nginx"; @@ -522,7 +703,7 @@ in { stateDir = "/media/git"; appName = "Tape:neT"; - package = inputs.unstable.legacyPackages.${pkgs.system}.gitea; + package = inputs.unstable.legacyPackages.${pkgs.system}.forgejo; lfs.enable = true; @@ -592,6 +773,18 @@ in { ''; virtualHosts = { + "home.bold.daemon" = { + forceSSL = true; + sslCertificateKey = "${config.sops.secrets.home_key.path}"; + sslCertificate = "${config.sops.secrets.home_cert.path}"; + extraConfig = '' + proxy_buffering off; + ''; + locations."/" = { + proxyPass = "http://127.0.0.1:8123"; + proxyWebsockets = true; + }; + }; "invidious.bold.daemon" = { forceSSL = true; sslCertificateKey = "${config.sops.secrets.invidious_key.path}"; @@ -747,6 +940,19 @@ in { ''; }; }; + "readarr.bold.daemon" = { + sslCertificateKey = "${config.sops.secrets.readarr_key.path}"; + sslCertificate = "${config.sops.secrets.readarr_cert.path}"; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:8787"; + proxyWebsockets = true; + extraConfig = '' + ${httpAllow} + deny all; + ''; + }; + }; "graph.bold.daemon" = { sslCertificateKey = "${config.sops.secrets.graph_key.path}"; 
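Review bot: The `"home.bold.daemon"` virtual host added in the `@@ -592,6 +773,18 @@` hunk proxies to Home Assistant on `127.0.0.1:8123` without the `${httpAllow}` / `deny all;` pair that the `"readarr.bold.daemon"` host added in this same commit puts in its `locations."/".extraConfig`. If the allow list is meant to cover every internal service, the Home Assistant location should carry the same `extraConfig`, placing `${httpAllow}` before `deny all;`. If the host is intentionally open to clients outside that list, a short comment on the vhost would make that explicit. The surrounding `virtualHosts` set continues outside both hunks, so other hosts may differ.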
@@ -818,7 +1024,14 @@ in { enable = true; dataDir = "/db/postgres"; - ensureDatabases = ["nextcloud" "gitea"]; + #enableTCPIP = true; + #authentication = pkgs.lib.mkOverride 14 '' + # local all all trust + # host all all 127.0.0.1/32 trust + # host all all ::1/128 trust + #''; + + ensureDatabases = ["nextcloud" "gitea" "invidious"]; ensureUsers = [ { name = "nextcloud"; diff --git a/hosts/europa/default.nix b/hosts/europa/default.nix index 0110651..5c9054a 100644 --- a/hosts/europa/default.nix +++ b/hosts/europa/default.nix @@ -1,4 +1,5 @@ { + inputs, config, pkgs, lib, @@ -13,9 +14,12 @@ with lib; let inherit lib; inherit config; }); - myEmacs = pkgs.callPackage ../../configs/emacs.nix {}; + #myEmacs = pkgs.callPackage ../../configs/emacs.nix { }; + doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override { + doomPrivateDir = ../../configs/doom.d; + }; peerixUser = - if hasAttr "peerix" config.users.users + if builtins.hasAttr "peerix" config.users.users then config.users.users.peerix.name else "root"; jobs = [ @@ -86,10 +90,13 @@ in { }; }; - boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; - nixpkgs.config.allowUnsupportedSystem = true; + nixpkgs.config = { + allowUnfree = true; + allowUnsupportedSystem = true; + }; boot = { + binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; initrd.systemd.enable = true; loader = { systemd-boot.enable = true; 
@@ -100,24 +107,25 @@ in { }; kernelParams = ["boot.shell_on_fail" "mem_sleep_default=deep"]; kernelPackages = pkgs.linuxPackages_latest; - #kernelPackages = pkgs.linuxPackages; }; - sshFidoAgent.enable = true; + sshFidoAgent.enable = lib.mkDefault true; nixManager = { - enable = true; + enable = lib.mkDefault true; user = "qbit"; }; - kde.enable = true; - jetbrains.enable = true; + kde.enable = lib.mkDefault true; - virtualisation.libvirtd.enable = true; + virtualisation.libvirtd.enable = lib.mkDefault true; networking = { hostName = "europa"; hostId = "87703c3e"; + hosts = { + "192.168.122.6" = ["chubs"]; + }; wireless.userControlled.enable = true; networkmanager.enable = true; @@ -148,6 +156,7 @@ in { shellAliases = { "gh" = "op plugin run -- gh"; "nixpkgs-review" = "env GITHUB_TOKEN=$(op item get nixpkgs-review --field token) nixpkgs-review"; + "clilol" = "env CLILOL_APIKEY=$(op item get omglol-cli --field credential) clilol"; "godeps" = "go list -m -f '{{if not (or .Indirect .Main)}}{{.Path}}{{end}}' all"; "mutt" = "neomutt -F /etc/neomuttrc"; "neomutt" = "neomutt -F /etc/neomuttrc"; @@ -185,6 +194,11 @@ in { ]; }; }; + avahi = { + enable = true; + openFirewall = true; + }; + printing.enable = true; restic = { backups = { local = { @@ -202,11 +216,11 @@ in { pcscd.enable = true; vnstat.enable = true; clamav.updater.enable = true; - emacs = { - enable = true; - package = myEmacs; - install = true; - }; + #emacs = { + # enable = true; + # package = myEmacs; + # install = true; + #}; tor = { enable = true; client.enable = true; @@ -262,11 +276,10 @@ in { users.users.qbit.extraGroups = [ "dialout" "libvirtd" + "plugdev" #"docker" ]; - nixpkgs.config.allowUnfree = true; - environment.sessionVariables = { XDG_BIN_HOME = "\${HOME}/.local/bin"; XDG_CACHE_HOME = "\${HOME}/.cache"; 
@@ -280,10 +293,13 @@ in { environment.systemPackages = with pkgs; [ opensnitch-ui + doom-emacs barrier calibre + chirp cider clementine + direwolf element-desktop elmPackages.elm elmPackages.elm-format @@ -293,7 +309,10 @@ in { entr exercism gh + gimp git-credential-1password + gqrx + hackrf isync klavaro minicom @@ -305,12 +324,15 @@ in { nmap nushell obsidian - pharo - pharo-launcher + picocom proton-caller protonup-ng + python3Packages.meshtastic + qdmr rex rofi + rtl-sdr + sdrpp signal-desktop taskobs tcpdump @@ -319,13 +341,14 @@ in { tidal-hifi tigervnc unzip + veilid virt-manager + w3m yt-dlp #yubioath-flutter zig - talon - + (callPackage ../../pkgs/clilol.nix {}) (callPackage ../../pkgs/iamb.nix {}) (callPackage ../../pkgs/kobuddy.nix { inherit pkgs; @@ -341,6 +364,7 @@ in { ; }) (callPackage ../../pkgs/gokrazy.nix {}) + (callPackage ../../pkgs/mvoice.nix {}) (callPackage ../../pkgs/zutty.nix {}) restic diff --git a/hosts/europa/hardware-configuration.nix b/hosts/europa/hardware-configuration.nix index c9d549c..b388dce 100644 --- a/hosts/europa/hardware-configuration.nix +++ b/hosts/europa/hardware-configuration.nix @@ -39,5 +39,6 @@ cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; bluetooth.enable = true; + rtl-sdr.enable = true; }; } diff --git a/hosts/faf/default.nix b/hosts/faf/default.nix index 4cad07e..b3a0933 100644 --- a/hosts/faf/default.nix +++ b/hosts/faf/default.nix @@ -115,6 +115,8 @@ in { ''"radarr.bold.daemon. IN A 100.120.151.126"'' ''"reddit.bold.daemon. IN A 100.120.151.126"'' ''"sonarr.bold.daemon. IN A 100.120.151.126"'' + ''"readarr.bold.daemon. IN A 100.120.151.126"'' + ''"home.bold.daemon. IN A 100.120.151.126"'' ''"graph.bold.daemon. IN A 100.120.151.126"'' ''"invidious.bold.daemon. IN A 100.120.151.126"'' ''"router.bold.daemon. IN A 10.6.0.1"'' diff --git a/hosts/h/default.nix b/hosts/h/default.nix index 768b0fe..8639def 100644 --- a/hosts/h/default.nix +++ b/hosts/h/default.nix 
@@ -2,6 +2,7 @@ config, pkgs, isUnstable, + inputs, ... }: with pkgs; let @@ -35,6 +36,11 @@ with pkgs; let allow 10.20.30.1/32; ''; + mtxCfg = { + port = 8009; + address = "127.0.0.1"; + }; + matrixServer = "tapenet.org"; matrixClientConfig = { "m.homeserver".base_url = "https://${matrixServer}:443"; @@ -53,7 +59,7 @@ with pkgs; let }; mkMatrixLoc = { proxyWebsockets = true; - proxyPass = "http://127.0.0.1:8009"; + proxyPass = "http://${mtxCfg.address}:${toString mtxCfg.port}"; }; in { _module.args.isUnstable = false; @@ -145,6 +151,11 @@ in { owner = config.services.tsrevprox.user; sopsFile = config.xin-secrets.h.services; }; + writefreely = { + mode = "400"; + owner = config.services.writefreely.user; + sopsFile = config.xin-secrets.h.services; + }; }; networking = { @@ -257,6 +268,21 @@ in { }; services = { + heisenbridge = { + enable = true; + homeserver = "http://${mtxCfg.address}:${toString mtxCfg.port}"; + owner = "@qbit:tapenet.org"; + namespaces = { + users = [ + { + regex = "@irc_.*"; + exclusive = true; + } + ]; + aliases = []; + rooms = []; + }; + }; tsrevprox = { enable = true; reverseName = "pr-status"; @@ -390,6 +416,8 @@ in { "/var/lib/gotosocial" "/var/lib/mcchunkie" "/var/lib/taskserver" + "/var/lib/heisenbridge" + "/var/lib/writefreely" ]; timerConfig = {OnCalendar = "00:05";}; @@ -399,6 +427,26 @@ in { }; }; + writefreely = { + enable = true; + host = "arst.lol"; + settings = { + server.port = 3287; + app = { + single_user = true; + min_username_len = 4; + federation = true; + monetization = false; + wf_modesty = true; + }; + }; + database.migrate = true; + admin = { + name = "qbit"; + initialPasswordFile = "${config.sops.secrets.writefreely.path}"; + }; + }; + nginx = { enable = true; 
@@ -470,6 +518,22 @@ in { proxyPass = "http://localhost:9009/weechat"; }; }; + "arst.lol" = { + forceSSL = true; + enableACME = true; + root = "/var/www/arst.lol"; + locations."/" = { + proxyWebsockets = true; + proxyPass = "http://127.0.0.1:${ + toString config.services.writefreely.settings.server.port + }"; + }; + }; + #"embracethe.lol" = { + # forceSSL = true; + # enableACME = true; + # root = "/var/www/embracethe.lol"; + #}; "notes.suah.dev" = { forceSSL = true; enableACME = true; @@ -746,6 +810,10 @@ in { "https://matrix.to/#/#go-lang:matrix.org" "https://matrix.to/#/#plan9:matrix.org" "https://matrix.to/#/#nix-openbsd:tapenet.org" + "https://matrix.to/#/#cobug:tapenet.org" + "https://matrix.to/#/#gosec:tapenet.org" + "https://matrix.to/#/#gophers-offtopic:matrix.org" + "https://matrix.to/#/#devious:tapenet.org" ]; settings = { verboseLogging = false; @@ -785,6 +853,9 @@ in { signing_key_path = "${config.sops.secrets.synapse_signing_key.path}"; url_preview_enabled = false; plugins = with config.services.matrix-synapse.package.plugins; [matrix-synapse-mjolnir-antispam]; + app_service_config_files = [ + "/var/lib/heisenbridge/registration.yml" + ]; database = { name = "psycopg2"; args = { @@ -794,8 +865,8 @@ in { }; listeners = [ { - bind_addresses = ["127.0.0.1"]; - port = 8009; + inherit (mtxCfg) port; + bind_addresses = [mtxCfg.address]; resources = [ { compress = true; diff --git a/hosts/plq/default.nix b/hosts/plq/default.nix index db45218..4f90f21 100644 --- a/hosts/plq/default.nix +++ b/hosts/plq/default.nix @@ -1,5 +1,6 @@ { pkgs, + lib, isUnstable, ... }: let @@ -14,6 +15,8 @@ in { networking.hostName = "plq"; + security.pam.enableSudoTouchIdAuth = true; + programs = { zsh = { enable = true; 
@@ -22,10 +25,16 @@ in { ''; }; }; - services.nix-daemon.enable = true; - nix.package = pkgs.nix; - - services.emacs.package = pkgs.emacsUnstable; + nix = { + package = pkgs.nix; + settings = { + sandbox = true; + }; + }; + services = { + nix-daemon.enable = true; + emacs.package = pkgs.emacsUnstable; + }; system = { keyboard = { @@ -47,23 +56,32 @@ in { }; }; + nixpkgs.config = { + allowUnfree = true; + allowUnfreePredicate = pkg: + builtins.elm (lib.getName pkg) [ + "obsidian" + ]; + }; + environment.variables = { SSH_AUTH_SOCK = "$HOME/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh"; }; environment.systemPackages = with pkgs; [ - (callPackage ../../pkgs/nheko.nix {inherit isUnstable;}) (callPackage ../../pkgs/secretive.nix {inherit isUnstable;}) (callPackage ../../pkgs/hammerspoon.nix {inherit isUnstable;}) - nixpkgs-review direnv + exiftool gh go mosh + nb neovim - nixfmt + nixpkgs-review nmap + obsidian rage statix ]; diff --git a/hosts/pwntie/default.nix b/hosts/pwntie/default.nix index 82f0481..3fe21e7 100644 --- a/hosts/pwntie/default.nix +++ b/hosts/pwntie/default.nix @@ -1,11 +1,20 @@ -{pkgs, ...}: let - myEmacs = pkgs.callPackage ../../configs/emacs.nix {}; +{ + pkgs, + config, + ... +}: let + #myEmacs = pkgs.callPackage ../../configs/emacs.nix { }; pubKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" ]; in { _module.args.isUnstable = false; - imports = [./hardware-configuration.nix]; + imports = [ + ./hardware-configuration.nix + ../../modules/rtlamr2mqtt.nix + ]; + + hardware.rtl-sdr.enable = true; # Bootloader. boot.loader.systemd-boot.enable = true; 
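Review bot: `builtins.elm` in the new `allowUnfreePredicate` (hosts/plq/default.nix, hunk `@@ -47,23 +56,32 @@`) is not a Nix builtin; the function is `builtins.elem`. The mistake is masked because `allowUnfree = true;` sits in the same attribute set, and with that set nixpkgs appears never to call the predicate. That also means the one-package allowlist has no effect and every unfree package is permitted. If the intent is to allow only obsidian, drop `allowUnfree = true;` and write the predicate as `builtins.elem (lib.getName pkg) ["obsidian"]`.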
@@ -38,19 +47,24 @@ in { PATH = ["\${XDG_BIN_HOME}"]; }; - users.users.qbit.extraGroups = ["dialout" "libvirtd" "docker"]; + users.users.qbit.extraGroups = ["dialout" "libvirtd" "docker" "plugdev"]; - nixpkgs.config.allowUnfree = true; + #nixpkgs.config.allowUnfree = true; + environment.systemPackages = with pkgs; [ + rtl-sdr + direwolf + (callPackage ../../pkgs/rtlamr.nix {}) + ]; - programs = { - steam.enable = true; - _1password.enable = true; - _1password-gui = { - enable = true; - polkitPolicyOwners = ["qbit"]; - }; - dconf.enable = true; - }; + #programs = { + # steam.enable = true; + # _1password.enable = true; + # _1password-gui = { + # enable = true; + # polkitPolicyOwners = [ "qbit" ]; + # }; + # dconf.enable = true; + #}; xinCI = { user = "qbit"; @@ -58,11 +72,45 @@ in { }; services = { - emacs = { + rtlamr2mqtt = { enable = true; - package = myEmacs; - install = true; + configuration = { + general = { + device_ids_path = "${config.services.rtlamr2mqtt.package}/sdl_ids.txt"; + sleep_for = 0; + verbosity = "debug"; + tickle_rtl_tcp = false; + device_id = "0bda:2838"; + }; + mqtt = { + host = "10.6.0.15"; + port = 1883; + tls_enabled = false; + ha_autodiscovery = true; + base_topec = "rtlamr"; + }; + custom_parameters = { + rtltcp = "-s 2048000"; + rtlamr = "-unique=true -symbollength=32"; + }; + meters = [ + { + id = 48582066; + protocol = "scm"; + name = "gas_meter"; + unit_of_measurement = "ft³"; + icon = "mdi:gas-burner"; + device_class = "gas"; + state_class = "total_increasing"; + } + ]; + }; }; + #emacs = { + # enable = true; + # package = myEmacs; + # install = true; + #}; fwupd = { enable = true; enableTestRemote = true; diff --git a/hosts/stan/default.nix b/hosts/stan/default.nix index fbc84ae..1298255 100644 --- a/hosts/stan/default.nix +++ b/hosts/stan/default.nix @@ -1,5 +1,6 @@ { config, + inputs, pkgs, ... }: let 
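Review bot: The `mqtt` block of the new `services.rtlamr2mqtt.configuration` (hosts/pwntie/default.nix, hunk `@@ -58,11 +72,45 @@`) sets `tls_enabled = false` on port 1883 and carries no credentials, so readings travel to 10.6.0.15 in cleartext and the broker must accept anonymous publishers. If that broker is reachable from more than a trusted segment, enable TLS and a per-client account whose password is read from a secret file, not from this attribute set. `base_topec` looks like a misspelling of `base_topic`, in which case the setting would be ignored; I have not checked the key against the upstream schema. `verbosity = "debug"` is probably left over from bring-up. The `services` block continues outside the hunk.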
@@ -12,11 +13,13 @@ userBase = { openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys; }; - myEmacs = pkgs.callPackage ../../configs/emacs.nix {}; peerixUser = if builtins.hasAttr "peerix" config.users.users then config.users.users.peerix.name else "root"; + doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override { + doomPrivateDir = ../../configs/doom.d; + }; in { _module.args.isUnstable = true; imports = [./hardware-configuration.nix]; @@ -97,7 +100,7 @@ in { "172.16.30.253" = ["proxmox-02.vm.calyptix.local"]; "127.0.0.1" = ["borg.calyptix.dev" "localhost"]; "192.168.122.249" = ["arst.arst" "vm"]; - "192.168.54.1" = ["router.arst" "router"]; + "192.168.8.194" = ["router.arst" "router"]; }; networkmanager.enable = true; @@ -111,7 +114,6 @@ in { kde.enable = true; defaultUsers.enable = false; - jetbrains.enable = true; sshFidoAgent.enable = true; sops.secrets = { @@ -159,7 +161,7 @@ in { environment.systemPackages = with pkgs; [ barrier bitwarden - brave + doom-emacs fzf google-chrome-dev ispell @@ -187,6 +189,8 @@ in { virtualisation.libvirtd.enable = true; + programs.git.config.safe.directory = "/home/abieber/aef100"; + programs = { dconf.enable = true; zsh.enable = true; @@ -199,11 +203,6 @@ in { }; services = { - emacs = { - enable = true; - package = myEmacs; - install = true; - }; printing.enable = true; fwupd.enable = true; unifi.enable = false; @@ -215,7 +214,7 @@ in { }; programs.ssh.knownHosts = { - "[192.168.122.249]:7022".publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJd1dn/0YmUEInXbNTpUFNwzDrP0/FoMEJJc+3yYkZaCMrT0WPS5rFlkWJZ8mQf8udnfUWnTZzpDwIvXpfMQqf0="; + "[192.168.122.249]:7022".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOzf2Rv6FZYuH758TlNBcq4CXAHTPJxe5qoQTRM3nRc"; }; system.autoUpgrade.allowReboot = false; diff --git a/hosts/weatherzero/default.nix b/hosts/weatherzero/default.nix new file mode 100644 index 0000000..6f519c3 --- /dev/null 
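Review bot: `programs.git.config.safe.directory = "/home/abieber/aef100";` (hosts/stan/default.nix, hunk `@@ -187,6 +189,8 @@`) goes into the system-wide git configuration, so the ownership check is switched off for that path for every account on the machine, root included. Git's check exists so that a repository owned by one user cannot have its hooks and config-defined commands run under another user. With a system-level exemption, anything run as root or as a different user inside that checkout trusts whatever the directory's owner placed in `.git/config`. If only one account needs the exemption, set it in that user's own git configuration, and add a comment saying why the directory's owner differs from the user running git.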
+++ b/hosts/weatherzero/default.nix @@ -0,0 +1,56 @@ +{ + config, + pkgs, + lib, + ... +}: let + pubKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local" + ]; + userBase = { + openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys; + }; +in { + _module.args.isUnstable = false; + imports = [ + ./hardware-configuration.nix + ]; + + defaultUsers.enable = false; + + boot = { + initrd.availableKernelModules = lib.mkForce [ + "mmc_block" + "usbhid" + "hid_generic" + "hid_microsoft" + ]; + + supportedFilesystems = lib.mkForce ["vfat"]; + + kernelPackages = lib.mkForce pkgs.linuxPackages_rpi0; + }; + + networking = { + hostName = "wzero"; + networkmanager = {enable = true;}; + wireless.userControlled.enable = true; + hosts."100.120.151.126" = ["graph.tapenet.org"]; + }; + + users.users.weather = { + shell = pkgs.zsh; + isNormalUser = true; + description = "Weather"; + extraGroups = ["wheel"]; + }; + + preDNS.enable = false; + users.users.root = userBase; + + #environment.systemPackages = with pkgs; [ + #]; + + system.stateVersion = "21.11"; +} diff --git a/hosts/weatherzero/hardware-configuration.nix b/hosts/weatherzero/hardware-configuration.nix new file mode 100644 index 0000000..6696d91 --- /dev/null +++ b/hosts/weatherzero/hardware-configuration.nix @@ -0,0 +1,14 @@ +{pkgs, ...}: { + hardware = { + deviceTree = { + enable = true; + overlays = ["${pkgs.device-tree_rpi.overlays}/hifiberry-dac.dtbo"]; + }; + + enableRedistributableFirmware = true; + i2c.enable = true; + firmware = with pkgs; [ + raspberrypiWirelessFirmware + ]; + }; +} diff --git a/install_template.nix b/install_template.nix index 18e396a..fb0dbf0 100644 --- a/install_template.nix +++ b/install_template.nix 
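Review bot: `users.users.weather` in hosts/weatherzero/default.nix is placed in `wheel` but gets no `openssh.authorizedKeys` or password in this file, while `users.users.root = userBase;` installs the SSH keys on root directly. As written, remote administration of this host appears to be key login straight to root, and the wheel membership grants nothing usable unless a credential is defined elsewhere. Consider giving the keys to the unprivileged account, for example `users.users.weather = userBase // { ... };`, and leaving root without authorized keys. Otherwise drop `"wheel"` and add a comment that root-over-SSH is intended on this host.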
@@ -42,7 +42,7 @@ in { }; # neovim will overwrite my neovim!! - environment.systemPackages = with pkgs; [neovim nixfmt jq]; + environment.systemPackages = with pkgs; [neovim jq]; services.openssh = { enable = true; diff --git a/installer.nix b/installer.nix index 7b57edc..d390a0f 100644 --- a/installer.nix +++ b/installer.nix @@ -102,7 +102,7 @@ in { ''; boot.tmp.cleanOnBoot = true; - environment.systemPackages = with pkgs; [apg inetutils nixfmt]; + environment.systemPackages = with pkgs; [apg inetutils]; environment.interactiveShellInit = '' alias vi=nvim diff --git a/lib/default.nix b/lib/default.nix index 636290a..5350f9f 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -24,6 +24,12 @@ in prStatus; prIsOpen = { + option = pr: a: let + prStatus = getPrStatus pr; + in + if prStatus.status == "open" + then a + else {}; pkg = pr: localPkg: upstreamPkg: let prStatus = getPrStatus pr; in @@ -128,6 +134,7 @@ ''; nativeBuildInputs = with pkgs; [ curl + dasel deadnix git git-bug @@ -136,6 +143,7 @@ nil nix-diff nix-output-monitor + nix-prefetch-github shfmt sops ssh-to-age diff --git a/modules/rtlamr2mqtt.nix b/modules/rtlamr2mqtt.nix new file mode 100644 index 0000000..fa35730 --- /dev/null +++ b/modules/rtlamr2mqtt.nix 
@@ -0,0 +1,81 @@ +{ + config, + lib, + pkgs, + ... +}: +with pkgs; let + cfg = config.services.rtlamr2mqtt; + rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix {}; + settingsFormat = pkgs.formats.json {}; + settingsType = settingsFormat.type; + prettyJSON = conf: + pkgs.runCommandLocal "rtlamr2mqtt-config.json" {} '' + echo '${ + builtins.toJSON conf + }' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out + ''; +in { + options = with lib; { + services.rtlamr2mqtt = { + enable = mkEnableOption "Enable rtlamr2mqtt"; + + user = mkOption { + type = with types; oneOf [str int]; + default = "rtlamr2mqtt"; + description = '' + The user the service will use. + ''; + }; + + group = mkOption { + type = with types; oneOf [str int]; + default = "rtlamr2mqtt"; + description = '' + The user the service will use. + ''; + }; + + configuration = mkOption { + type = settingsType; + description = '' + Specify the configuration for rtlamr2mqtt in Nix. + ''; + }; + + package = mkOption { + type = types.package; + default = rtlamr2mqtt; + defaultText = literalExpression "pkgs.rtlamr2mqtt"; + description = "The package to use for rtlamr2mqtt"; + }; + }; + }; + + config = lib.mkIf cfg.enable { + users.groups.rtlamr2mqtt = {}; + users.users.rtlamr2mqtt = { + description = "rtlamr2mqtt service user"; + isSystemUser = true; + home = "/var/lib/rtlamr2mqtt"; + createHome = true; + group = "rtlamr2mqtt"; + extraGroups = ["plugdev"]; + }; + + systemd.services.rtlamr2mqtt = { + enable = true; + description = "rtlamr2mqtt server"; + wantedBy = ["multi-user.target"]; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + + RuntimeDirectory = "/var/lib/rtlamr2mqtt"; + + ExecStart = "${cfg.package}/bin/rtlamr2mqtt ${prettyJSON cfg.configuration}"; + }; + }; + }; +} diff --git a/monitoring/default.nix b/monitoring/default.nix index 7bb1b43..4ddb591 100644 --- a/monitoring/default.nix +++ b/monitoring/default.nix 
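Review bot: `RuntimeDirectory = "/var/lib/rtlamr2mqtt";` in `serviceConfig` (modules/rtlamr2mqtt.nix) is an absolute path, but systemd's `RuntimeDirectory=` takes a name relative to `/run`, so the unit is likely to be rejected or the directory left unmanaged. For the home directory created above, the matching setting is `StateDirectory = "rtlamr2mqtt";`. In the same file, `prettyJSON` passes the configuration through `echo '...'`, so a single quote in any value breaks the build script. Its output also lands in the world-readable Nix store, which rules out putting an MQTT password in `configuration`. The `user` and `group` options feed `User=`/`Group=`, but the account and group created are always `rtlamr2mqtt`, and the `group` description repeats the text of `user`.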
@@ -15,12 +15,15 @@ with lib; let ; nginxCfg = config.services.nginx; - buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs (f: _: '' + buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v: + if v.fsType != "sshfs" + then '' check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f} if space usage > 90% then alert if inode usage > 90% then alert - '') - fsList))); + '' + else "") + fsList))); buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v: '' check host ${f} with address ${f} if failed port 80 protocol http then alert diff --git a/overlays/default.nix b/overlays/default.nix index f462967..8fd09d1 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
@@ -7,22 +7,45 @@ #_1password-gui = prIsOpen.overlay 235900 (import ./1password-gui.nix); #openssh = import ./openssh.nix; #obsidian = prIsOpen.overlay 235408 (import ./obsidian.nix); - tailscale = prIsOpen.overlay 239176 import ./tailscale.nix; - #jetbrains = prIsOpen 232308 (import ./jetbrains.nix); - tidal-hifi = prIsOpen.overlay 238572 (import ./tidal-hifi.nix); - matrix-synapse = prIsOpen.overlay 238845 (import ./matrix-synapse.nix); - nixd = prIsOpen.overlay 238779 (import ./nixd.nix); + #tailscale = prIsOpen.overlay 239176 import ./tailscale.nix; + #tidal-hifi = prIsOpen.overlay 239732 (import ./tidal-hifi.nix); + matrix-synapse = prIsOpen.overlay 252544 (import ./matrix-synapse.nix); + #nixd = prIsOpen.overlay 238779 (import ./nixd.nix); + heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix); + #rex = prIsOpen.overlay 0 (import ./rex.nix); in { nixpkgs.overlays = if isUnstable then [ - tailscale - tidal-hifi - nixd + #rex + heisenbridge + (_: super: { + clementine = super.clementine.overrideAttrs (_: { + patches = [ + (super.fetchpatch { + name = "clementine-di-radio-fix.diff"; + url = "https://patch-diff.githubusercontent.com/raw/clementine-player/Clementine/pull/7217.diff"; + hash = "sha256-kaKc2YFkXJRPibbKbBCHvlm6Y/H9zS83ohMxtUNUFlM="; + }) + ]; + }); + }) ] else [ + #rex matrix-synapse - tailscale + heisenbridge + (_: super: { + invidious = super.invidious.overrideAttrs (_: { + patches = [ + (super.fetchpatch { + name = "invidious-newpipe.diff"; + url = "https://patch-diff.githubusercontent.com/raw/iv-org/invidious/pull/4037.patch"; + hash = "sha256-KyqQtmfIPIX48S8SZnSlvCLvdw6Ws1u0oWEk8jLKWlU="; + }) + ]; + }); + }) ]; } # Example Python dep overlay diff --git a/overlays/heisenbridge.nix b/overlays/heisenbridge.nix new file mode 100644 index 0000000..8eef035 --- /dev/null +++ b/overlays/heisenbridge.nix 
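Review bot: Both `fetchpatch` calls added to `nixpkgs.overlays` (clementine in the unstable list, invidious in the stable list) download from `patch-diff.githubusercontent.com/raw/.../pull/N`, which serves the pull request's current state and not a fixed revision. The `hash` stops changed content from being applied, so the exposure is a build that breaks whenever the PR is pushed to or rebased. Pointing `url` at the specific commit's `.patch` keeps the input stable and records exactly which change was reviewed. Separately, `prIsOpen.overlay 0 (import ./heisenbridge.nix)` passes 0 as the PR number; what `getPrStatus` does with that is not visible here, so a comment marking it as a placeholder would help.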
@@ -0,0 +1,17 @@ +let + hash = "sha256-OmAmgHM+EmJ3mUY4lPBxIv2rAq8j2QEeTUMux7ZBfRE="; + heisenbridge = _: super: { + heisenbridge = super.heisenbridge.overrideAttrs (_: rec { + version = "1.14.5"; + pname = "heisenbridge"; + + src = super.fetchFromGitHub { + owner = "hifi"; + repo = pname; + rev = "refs/tags/v${version}"; + inherit hash; + }; + }); + }; +in + heisenbridge diff --git a/overlays/jetbrains.nix b/overlays/jetbrains.nix deleted file mode 100644 index 724bcfa..0000000 --- a/overlays/jetbrains.nix +++ /dev/null @@ -1,17 +0,0 @@ -let - jetbrains = _: super: { - # Override jetbrains idea-ultimate until the newer version is available - jetbrains = - super.jetbrains - // { - idea-ultimate = super.jetbrains.idea-ultimate.overrideAttrs (_: rec { - version = "2023.1.2"; - src = super.fetchurl { - url = "https://download-cdn.jetbrains.com/idea/ideaIU-${version}.tar.gz"; - sha256 = "sha256-4aJgcOkb3Gp9JirtoxanKQjR/7uLUA8IZmW/zSneJJo="; - }; - }); - }; - }; -in - jetbrains diff --git a/overlays/matrix-synapse.nix b/overlays/matrix-synapse.nix index 67b305a..300af0c 100644 --- a/overlays/matrix-synapse.nix +++ b/overlays/matrix-synapse.nix @@ -1,20 +1,21 @@ let + hash = "sha256-rLEewCN8OdZ4wIWQRbLkxVF/VOAESTLAVQLfUu/PYsA="; + sha256 = "sha256-aOoSvT6e2x7JcXoQ2sVTCDvkWupixLzpbk3cTHVQs7I="; matrix-synapse = _: super: { matrix-synapse = super.matrix-synapse.overrideAttrs (_: rec { - version = "1.86.0"; + version = "1.91.0"; pname = "matrix-synapse"; src = super.fetchFromGitHub { owner = "matrix-org"; repo = "synapse"; rev = "v${version}"; - hash = "sha256-vSNAISWTTT3IAeA8hxQhQNp9T3soey4vgh7v+BxI+K0="; + inherit hash; }; cargoDeps = super.rustPlatform.fetchCargoTarball { - inherit src; + inherit src sha256; name = "${pname}-${version}"; - sha256 = "sha256-lPLhh5FkxpBUQ5UH6eAfUIyGvHIcZHmbYBT5QUW/W4k="; }; }); }; diff --git a/overlays/rex.nix b/overlays/rex.nix new file mode 100644 index 0000000..d419799 --- /dev/null +++ b/overlays/rex.nix 
@@ -0,0 +1,10 @@ +let + rex = _: super: { + rex = super.rex.overrideAttrs (_: { + postPatch = '' + patchShebangs bin + ''; + }); + }; +in + rex diff --git a/overlays/tailscale.nix b/overlays/tailscale.nix index f4f3e2b..158adc9 100644 --- a/overlays/tailscale.nix +++ b/overlays/tailscale.nix @@ -12,24 +12,20 @@ let "-X tailscale.com/version.shortStamp=${version}" ]; - #tailscale = _: super: { - # tailscale = super.tailscale.overrideAttrs (_: { - # version = "1.44.0"; - # src = super.fetchFromGitHub fetchArgs - # inherit vendorHash ldflags version; - # ]; - # }); - #}; - tailscale = _: super: { - tailscale = super.callPackage "${super.path}/pkgs/servers/tailscale" { - buildGoModule = args: - super.buildGo120Module (args - // { - src = super.fetchFromGitHub fetchArgs; - inherit vendorHash ldflags version; - }); - }; + tailscale = super.tailscale.overrideAttrs (_: { + src = super.fetchFromGitHub fetchArgs; + inherit vendorHash ldflags version; + }); }; + #tailscale = _: super: { + # tailscale = super.callPackage "${super.path}/pkgs/servers/tailscale" { + # buildGoModule = args: + # super.buildGo120Module (args // { + # src = super.fetchFromGitHub fetchArgs; + # inherit vendorHash ldflags version; + # }); + # }; + #}; in tailscale diff --git a/overlays/tidal-hifi.nix b/overlays/tidal-hifi.nix index e941873..e24d708 100644 --- a/overlays/tidal-hifi.nix +++ b/overlays/tidal-hifi.nix @@ -1,11 +1,11 @@ let tidal-hifi = _: super: { tidal-hifi = super.tidal-hifi.overrideAttrs (_: rec { - version = "5.2.0"; + version = "5.3.0"; src = super.fetchurl { url = "https://github.com/Mastermindzh/tidal-hifi/releases/download/${version}/tidal-hifi_${version}_amd64.deb"; - sha256 = "sha256-ZdEbGsGt1Z/vve3W/Z6Pw1+m5xoTY/l7Es03yM4T0tE="; + sha256 = "sha256-YGSHEvanWek6qiWvKs6g+HneGbuuqJn/DBfhawjQi5M="; }; }); }; diff --git a/pkgs/clilol.nix b/pkgs/clilol.nix new file mode 100644 index 0000000..536cfd6 --- /dev/null +++ b/pkgs/clilol.nix 
@@ -0,0 +1,29 @@ +{ + lib, + buildGoModule, + fetchgit, + ... +}: +buildGoModule rec { + pname = "clilol"; + version = "1.0.4"; + + src = fetchgit { + url = "https://git.mcornick.dev/mcornick/clilol.git"; + rev = "v${version}"; + hash = "sha256-VlL5prd021JrOf33jUdqORk9MxpyRQHNMpqDoSLLYi8="; + }; + + vendorHash = "sha256-i4UG52Z1zTM4VHBaNf5IYfQKnpC5iZTkK6L5hyQ6f4s="; + + # attempts to make calls to api.omg.lol + doCheck = false; + + meta = with lib; { + description = "a CLI for omg.lol"; + homepage = "https://mcornick.dev/clilol/"; + changelog = "https://git.mcornick.dev/mcornick/clilol/releases/tag/${version}"; + license = licenses.mpl20; + maintainers = [maintainers.qbit]; + }; +} diff --git a/pkgs/fyne.nix b/pkgs/fyne.nix new file mode 100644 index 0000000..665e360 --- /dev/null +++ b/pkgs/fyne.nix @@ -0,0 +1,31 @@ +{ + lib, + buildGoModule, + fetchFromGitHub, + ... +}: +with lib; + buildGoModule rec { + pname = "fyne"; + version = "2.3.5"; + + src = fetchFromGitHub { + owner = "fyne-io"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-iSQ1oqUePxDyjQTKNazX0IZyHAoz50bqukV2CmQjrAk="; + }; + + vendorHash = null; + + proxyVendor = true; + + subPackages = ["cmd/fyne"]; + + meta = { + description = "Fyne command line tool"; + homepage = "https://github.com/fyne-io/fyne"; + license = licenses.bsd3; + maintainers = with maintainers; [qbit]; + }; + } diff --git a/pkgs/gotosocial.nix b/pkgs/gotosocial.nix index b9162e6..c07481d 100644 --- a/pkgs/gotosocial.nix +++ b/pkgs/gotosocial.nix 
@@ -1,21 +1,21 @@ { lib, - buildGo119Module, + buildGoModule, fetchFromGitHub, go, ffmpeg, ... }: let - gotosocialVersion = "0.9.0"; - gtswaHash = "sha256:1yxyl8q0dqpv3cqzxj0anh8rskk3rmw9mjnjkm4svc0vgaph1y1s"; - gtssHash = "sha256-UZRIQTdVESCYv2KW7HUS2c4bS5qnB7wdwiYAgEJ60fU="; + gotosocialVersion = "0.11.0"; + gtswaHash = "sha256:0qbs4a3wblrlcr1l5155p54vdd6hn2szkdns99wxjhjr8kw6dbil"; + gtssHash = "sha256-qbq5pDvG2L1s6BG+sh7eagcFNH/DWyANMQaAl2WcQzE="; gotosocialWebAssets = builtins.fetchurl { url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v${gotosocialVersion}/gotosocial_${gotosocialVersion}_web-assets.tar.gz"; sha256 = gtswaHash; }; in with lib; - buildGo119Module rec { + buildGoModule rec { pname = "gotosocial"; version = gotosocialVersion; diff --git a/pkgs/govulncheck.nix b/pkgs/govulncheck.nix deleted file mode 100644 index bb5f8c5..0000000 --- a/pkgs/govulncheck.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - lib, - buildGoModule, - fetchFromGitHub, - ... -}: -with lib; - buildGoModule rec { - name = "vuln"; - - src = fetchFromGitHub { - owner = "golang"; - repo = name; - rev = "03dd099d9b0dd4e0a3ab25b3192b9d95c97252ea"; - sha256 = "sha256-UJ2svg/exjwH/T3dqHixRgD6ZqYjbV/MpnEEaFza6Ns="; - }; - - vendorSha256 = "sha256-tk186BCy8l0o1mxaWXcz0BWVMvvMvhEGcTmDdthJlcc="; - - #> github.com/tidwall/pretty@v1.2.0: is explicitly required in go.mod, but not marked as explicit in vendor/modules.txt - doCheck = false; - - subPackages = ["cmd/govulncheck"]; - - meta = { - description = "tools for the Go vulnerability database"; - homepage = "https://github.com/golang/vuln"; - license = licenses.isc; - maintainers = with maintainers; [qbit]; - }; - } diff --git a/pkgs/mvoice.nix b/pkgs/mvoice.nix new file mode 100644 index 0000000..7176a45 --- /dev/null +++ b/pkgs/mvoice.nix 
@@ -0,0 +1,51 @@ +{ + lib, + stdenv, + fetchFromGitHub, + pkgs, + ... +}: +stdenv.mkDerivation { + pname = "mvoice"; + version = "unstable-2023-05-30"; + + src = fetchFromGitHub { + owner = "n7tae"; + repo = "mvoice"; + rev = "8e0a9fb350f8308d7ee7e07e3cc48e7c33a7be64"; + sha256 = "sha256-DNCF/m56owu8DYcv2lLxUZ+mVpmivXbPjBFE2V/23pE="; + }; + + nativeBuildInputs = with pkgs; [ + alsa-lib + curl + fltk + gcc + gettext + gnutls + msgpack + opendht + paprefs + pavucontrol + pulseaudio + ]; + + prePatch = '' + substituteInPlace Makefile \ + --replace "/bin/cp" "cp" + substituteInPlace Makefile \ + --replace "/bin/rm" "rm" + ''; + + preBuild = '' + export HOME=$out + ''; + + meta = with lib; { + description = "A prototype M17 voice application for ham radio"; + homepage = "https://github.com/n7tae/mvoice"; + license = licenses.gpl3; + platforms = platforms.unix; + maintainers = with maintainers; [qbit]; + }; +} diff --git a/pkgs/openssh/common.nix b/pkgs/openssh/common.nix new file mode 100644 index 0000000..0c0aa39 --- /dev/null +++ b/pkgs/openssh/common.nix 
@@ -0,0 +1,165 @@ +{ pname +, version +, extraDesc ? "" +, src +, extraPatches ? [] +, extraNativeBuildInputs ? [] +, extraConfigureFlags ? [] +, extraMeta ? {} +}: + +{ lib, stdenv +# This *is* correct, though unusual. as a way of getting krb5-config from the +# package without splicing See: https://github.com/NixOS/nixpkgs/pull/107606 +, pkgs +, autoreconfHook +, zlib +, libressl +, libedit +, pkg-config +, pam +, libredirect +, etcDir ? "/etc/ssh" +, withKerberos ? true +, libkrb5 +, libfido2 +, hostname +, nixosTests +, withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl +, withPAM ? stdenv.hostPlatform.isLinux +, linkOpenssl ? true +}: + +stdenv.mkDerivation { + inherit pname version src; + + patches = [ + ./locale_archive.patch + + # See discussion in https://github.com/NixOS/nixpkgs/pull/16966 + ./dont_create_privsep_path.patch + ] ++ extraPatches; + + postPatch = + # On Hydra this makes installation fail (sometimes?), + # and nix store doesn't allow such fancy permission bits anyway. + '' + substituteInPlace Makefile.in --replace '$(INSTALL) -m 4711' '$(INSTALL) -m 0711' + ''; + + strictDeps = true; + nativeBuildInputs = [ autoreconfHook pkg-config ] + # This is not the same as the libkrb5 from the inputs! pkgs.libkrb5 is + # needed here to access krb5-config in order to cross compile. See: + # https://github.com/NixOS/nixpkgs/pull/107606 + ++ lib.optional withKerberos pkgs.libkrb5 + ++ extraNativeBuildInputs; + buildInputs = [ zlib libressl libedit ] + ++ lib.optional withFIDO libfido2 + ++ lib.optional withKerberos libkrb5 + ++ lib.optional withPAM pam; + + preConfigure = '' + # Setting LD causes `configure' and `make' to disagree about which linker + # to use: `configure' wants `gcc', but `make' wants `ld'. + unset LD + ''; + + # I set --disable-strip because later we strip anyway. And it fails to strip + # properly when cross building. 
+ configureFlags = [ + "--sbindir=\${out}/bin" + "--localstatedir=/var" + "--with-pid-dir=/run" + "--with-mantype=man" + "--with-libedit=yes" + "--disable-strip" + (lib.withFeature withPAM "pam") + ] ++ lib.optional (etcDir != null) "--sysconfdir=${etcDir}" + ++ lib.optional withFIDO "--with-security-key-builtin=yes" + ++ lib.optional withKerberos (assert libkrb5 != null; "--with-kerberos5=${libkrb5}") + ++ lib.optional stdenv.isDarwin "--disable-libutil" + ++ lib.optional (!linkOpenssl) "--without-openssl" + ++ extraConfigureFlags; + + ${if stdenv.hostPlatform.isStatic then "NIX_LDFLAGS" else null}= [ "-laudit" ] ++ lib.optionals withKerberos [ "-lkeyutils" ]; + + buildFlags = [ "SSH_KEYSIGN=ssh-keysign" ]; + + enableParallelBuilding = true; + + hardeningEnable = [ "pie" ]; + + doCheck = true; + enableParallelChecking = false; + nativeCheckInputs = [ libressl ] ++ lib.optional (!stdenv.isDarwin) hostname; + preCheck = lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform) '' + # construct a dummy HOME + export HOME=$(realpath ../dummy-home) + mkdir -p ~/.ssh + + # construct a dummy /etc/passwd file for the sshd under test + # to use to look up the connecting user + DUMMY_PASSWD=$(realpath ../dummy-passwd) + cat > $DUMMY_PASSWD < ~/.ssh/environment.base < regress/test-exec.sh.new <> $HOME/.ssh/environment + EOF + mv regress/test-exec.sh.new regress/test-exec.sh + + # explicitly enable the PermitUserEnvironment feature + substituteInPlace regress/test-exec.sh \ + --replace \ + 'cat << EOF > $OBJ/sshd_config' \ + $'cat << EOF > $OBJ/sshd_config\n\tPermitUserEnvironment yes' + + # some tests want to use files under /bin as example files + for f in regress/sftp-cmds.sh regress/forwarding.sh; do + substituteInPlace $f --replace '/bin' "$(dirname $(type -p ls))" + done + + # set up NIX_REDIRECTS for direct invocations + set -a; source ~/.ssh/environment.base; set +a + ''; + # integration tests hard to get working on darwin with its shaky + # sandbox + # t-exec 
tests fail on musl + checkTarget = lib.optional (!stdenv.isDarwin && !stdenv.hostPlatform.isMusl) "t-exec" + # other tests are less demanding of the environment + ++ [ "unit" "file-tests" "interop-tests" ]; + + installTargets = [ "install-nokeys" ]; + installFlags = [ + "sysconfdir=\${out}/etc/ssh" + ]; + + passthru.tests = { + borgbackup-integration = nixosTests.borgbackup; + }; + + meta = with lib; { + description = "An implementation of the SSH protocol${extraDesc}"; + homepage = "https://www.openssh.com/"; + changelog = "https://www.openssh.com/releasenotes.html"; + license = licenses.bsd2; + platforms = platforms.unix ++ platforms.windows; + maintainers = (extraMeta.maintainers or []) ++ (with maintainers; [ eelco aneeshusa ]); + mainProgram = "ssh"; + } // extraMeta; +} diff --git a/pkgs/openssh/default.nix b/pkgs/openssh/default.nix new file mode 100644 index 0000000..2efc987 --- /dev/null +++ b/pkgs/openssh/default.nix @@ -0,0 +1,23 @@ +{ + callPackage, + lib, + fetchFromGitHub, +}: let + inherit (builtins) readFile fromJSON; + common = opts: callPackage (import ./common.nix opts) {}; + verStr = fromJSON (readFile ./version.json); +in { + openssh = common { + pname = "openssh"; + inherit (verStr) version; + + src = fetchFromGitHub { + inherit (verStr) rev hash; + owner = "openssh"; + repo = "openssh-portable"; + }; + + extraPatches = [./ssh-keysign-8.5.patch]; + extraMeta.maintainers = with lib.maintainers; [qbit]; + }; +} diff --git a/pkgs/openssh/dont_create_privsep_path.patch b/pkgs/openssh/dont_create_privsep_path.patch new file mode 100644 index 0000000..23f3ab6 --- /dev/null +++ b/pkgs/openssh/dont_create_privsep_path.patch 
@@ -0,0 +1,12 @@ +diff --git i/Makefile.in w/Makefile.in +index 04e1c8e5..9bd5d01b 100644 +--- i/Makefile.in ++++ w/Makefile.in +@@ -329,7 +329,6 @@ install-files: + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)5 + $(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8 + $(MKDIR_P) $(DESTDIR)$(libexecdir) +- $(MKDIR_P) -m 0755 $(DESTDIR)$(PRIVSEP_PATH) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) diff --git a/pkgs/openssh/locale_archive.patch b/pkgs/openssh/locale_archive.patch new file mode 100644 index 0000000..3fe4a21 --- /dev/null +++ b/pkgs/openssh/locale_archive.patch @@ -0,0 +1,15 @@ +diff --git i/session.c w/session.c +index 58826db1..658dd911 100644 +--- i/session.c ++++ w/session.c +@@ -1053,6 +1053,10 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) + if (getenv("TZ")) + child_set_env(&env, &envsize, "TZ", getenv("TZ")); + ++ /* NixOS path to the glibc locale archive, to be set in the systemd job */ ++ if (getenv("LOCALE_ARCHIVE")) ++ child_set_env(&env, &envsize, "LOCALE_ARCHIVE", getenv("LOCALE_ARCHIVE")); ++ + /* Set custom environment options from pubkey authentication. */ + if (options.permit_user_env) { + for (n = 0 ; n < auth_opts->nenv; n++) { diff --git a/pkgs/openssh/ssh-keysign-8.5.patch b/pkgs/openssh/ssh-keysign-8.5.patch new file mode 100644 index 0000000..67c45b6 --- /dev/null +++ b/pkgs/openssh/ssh-keysign-8.5.patch 
@@ -0,0 +1,24 @@ +diff --git a/pathnames.h b/pathnames.h +index cb44caa4..354fdf05 100644 +--- a/pathnames.h ++++ b/pathnames.h +@@ -124,7 +124,7 @@ + + /* Location of ssh-keysign for hostbased authentication */ + #ifndef _PATH_SSH_KEY_SIGN +-#define _PATH_SSH_KEY_SIGN "/usr/libexec/ssh-keysign" ++#define _PATH_SSH_KEY_SIGN "ssh-keysign" + #endif + + /* Location of ssh-pkcs11-helper to support keys in tokens */ +--- a/sshconnect2.c ++++ b/sshconnect2.c +@@ -2021,7 +2021,7 @@ + + debug3_f("[child] pid=%ld, exec %s", + (long)getpid(), _PATH_SSH_KEY_SIGN); +- execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL); ++ execlp(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL); + fatal_f("exec(%s): %s", _PATH_SSH_KEY_SIGN, + strerror(errno)); + } diff --git a/pkgs/openssh/version.json b/pkgs/openssh/version.json new file mode 100644 index 0000000..66d04e2 --- /dev/null +++ b/pkgs/openssh/version.json @@ -0,0 +1 @@ +{"rev":"f98031773db361424d59e3301aa92aacf423d920","hash":"sha256-MxEwe4x/PIjofzGzQC4LhladRQT5AcnDa+BwMm0DQx4=","version":"2023-08-29"} diff --git a/pkgs/rtlamr.nix b/pkgs/rtlamr.nix new file mode 100644 index 0000000..8886fb8 --- /dev/null +++ b/pkgs/rtlamr.nix @@ -0,0 +1,27 @@ +{ + lib, + buildGoModule, + fetchFromGitHub, + ... +}: +with lib; + buildGoModule rec { + pname = "rtlamr"; + version = "0.9.3"; + + src = fetchFromGitHub { + owner = "bemasher"; + repo = pname; + rev = "v${version}"; + hash = "sha256-0LufLU/wTmCRqTnQBNJg5UnDv0u1Thec5FSWATWqZsQ="; + }; + + vendorHash = "sha256-uT6zfsWgIot0EMNqwtwJNFXN/WaAyOGfcYJjuyOXT4g="; + + meta = { + description = "rtl-sdr receiver for Itron ETR meters"; + homepage = "https://github.com/bemasher/rtlamr"; + license = licenses.agpl3; + maintainers = with maintainers; [qbit]; + }; + } diff --git a/pkgs/rtlamr2mqtt.nix b/pkgs/rtlamr2mqtt.nix new file mode 100644 index 0000000..2b379d8 --- /dev/null +++ b/pkgs/rtlamr2mqtt.nix 
@@ -0,0 +1,42 @@ +{ + buildPythonPackage, + callPackage, + fetchFromGitHub, + paho-mqtt, + pyusb, + pyyaml, + requests, + rtl-sdr, + ... +}: let + rtlamr = callPackage ./rtlamr.nix {}; +in + buildPythonPackage { + pname = "rtlamr2mqtt"; + version = "unstable-2023-08-17"; + + format = "none"; + + nativeBuildInputs = []; + propagatedBuildInputs = [paho-mqtt pyyaml requests pyusb rtlamr rtl-sdr]; + + doCheck = false; + doBuild = false; + + installPhase = '' + mkdir -p $out/bin + cp rtlamr2mqtt-addon/rtlamr2mqtt.py $out/bin/rtlamr2mqtt + cp rtlamr2mqtt-addon/sdl_ids.txt $out/ + ''; + + src = fetchFromGitHub { + owner = "qbit"; + repo = "rtlamr2mqtt"; + hash = "sha256-WqW+RZQhwYAIvBAizO3/7SdlhWR9ZIIliEq76XwsUEo="; + rev = "631504e"; + }; + + meta = { + mainProgram = "rtlamr2mqtt"; + }; + } diff --git a/pkgs/secretive.nix b/pkgs/secretive.nix index ff7a78f..a248933 100644 --- a/pkgs/secretive.nix +++ b/pkgs/secretive.nix @@ -7,12 +7,12 @@ }: stdenv.mkDerivation rec { pname = "secretive"; - version = "2.2.0"; + version = "2.3.1"; src = fetchurl { name = "Secretive-${version}.zip"; url = "https://github.com/maxgoedjen/secretive/releases/download/v${version}/Secretive.zip"; - hash = "sha256-gjB8bevzbgYZ1GtAVMK+IBp9eP+Y79s8RhK/sdg7AI8="; + hash = "sha256-STpyNiiYtEgLqnDxFdlRW0Gyr0pQPK8AJ34rw4JLC70="; }; buildInputs = [unzip]; diff --git a/pkgs/sliding-sync.nix b/pkgs/sliding-sync.nix index 8f26ada..a25fb02 100644 --- a/pkgs/sliding-sync.nix +++ b/pkgs/sliding-sync.nix 
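Review bot: `rev = "631504e";` in the `fetchFromGitHub` call of pkgs/rtlamr2mqtt.nix is an abbreviated commit id, which can become ambiguous as the repository grows and is harder to audit than a full one. Use the full 40-character commit hash, `rev = "<full-commit-sha>";` (placeholder, the full value is not on this page). The `hash` still pins the content, so this is about keeping the source reference stable and reviewable. Also, `doBuild = false;` is not an attribute the builder reads as far as I know; the usual switch is `dontBuild = true;`.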
@@ -7,16 +7,16 @@ with lib; buildGoModule rec { pname = "sliding-sync"; - version = "0.99.3"; + version = "0.99.8"; src = fetchFromGitHub { owner = "matrix-org"; repo = pname; - rev = "v${version}"; - hash = "sha256-lmmOq0gkvrIXQmy3rbTga0cC85t0LWjDOqrH1NWUpdA="; + rev = "8e096656f58ffdc15ac5b08fc088eee1187a4a99"; + hash = "sha256-4rYLHUlHbQ6KnxyXCCLqG4/zfXdZm4KZX1cOg5ITQPk="; }; - vendorHash = "sha256-447P2TbBUEHmHubHiiZCrFVCj2/tmEuYFzLo27UyCk4="; + vendorHash = "sha256-JYSpjAgIvQFpYmOTifRXHVB6bSrukqSVhmAAmHylPbQ="; # Note: tests require a postgres install accessible to the current user doCheck = false; diff --git a/pkgs/yarr.nix b/pkgs/yarr.nix index e6e1eac..51c1783 100644 --- a/pkgs/yarr.nix +++ b/pkgs/yarr.nix @@ -7,14 +7,13 @@ with lib; buildGoModule rec { pname = "yarr"; - version = "2023-05-16"; + version = "2.4"; src = fetchFromGitHub { owner = "nkanaev"; repo = pname; - #rev = "v${version}"; - rev = "7d99edab8d3c054e75feba183bd76fead15712f1"; - sha256 = "sha256-gOydL1SyM1bGbErpefWlwhjLWH6j0GGpI/F0kEBHxic="; + rev = "v${version}"; + sha256 = "sha256-ZMQ+IX8dZuxyxQhD/eWAe4bGGCVcaCeVgF+Wqs79G+k="; }; vendorHash = null; diff --git a/pull_requests/238572.json b/pull_requests/238572.json deleted file mode 100644 index c37ad85..0000000 --- a/pull_requests/238572.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "branches": [ - "master", - "nixos-unstable-small", - "nixpkgs-unstable", - "staging", - "staging-next" - ], - "error": "", - "pull_request": 238572, - "release": "unstable", - "status": "open", - "status_info": { - "master": true, - "nixos-unstable": false, - "nixos-unstable-small": true, - "nixpkgs-unstable": true, - "staging": true, - "staging-next": true - }, - "title": "tidal-hifi: 5.1.0 -> 5.2.0" -} diff --git a/pull_requests/238779.json b/pull_requests/238779.json deleted file mode 100644 index 2c8990f..0000000 --- a/pull_requests/238779.json +++ /dev/null 
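Review bot: In pkgs/sliding-sync.nix the new `rev = "8e096656f58ffdc15ac5b08fc088eee1187a4a99";` no longer derives from `version`, so the `version = "0.99.8"` label and the fetched source can drift apart on the next bump, and nothing states whether this commit is the v0.99.8 tag or something after it. If it is the tag, keep `rev = "v${version}";`; if a later commit is needed, say so next to the pin, e.g. `# pinned past v${version}: <reason>`, so the next update does not change `version` and `hash` while leaving a stale `rev`. The enclosing `buildGoModule` block continues past the end of the hunk.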
@@ -1,22 +0,0 @@ -{ - "branches": [ - "master", - "nixos-unstable-small", - "nixpkgs-unstable", - "staging", - "staging-next" - ], - "error": "", - "pull_request": 238779, - "release": "unstable", - "status": "open", - "status_info": { - "master": true, - "nixos-unstable": false, - "nixos-unstable-small": true, - "nixpkgs-unstable": true, - "staging": true, - "staging-next": true - }, - "title": "nixd: 1.0.0 -> 1.1.0" -} diff --git a/pull_requests/239176.json b/pull_requests/239176.json deleted file mode 100644 index fa72609..0000000 --- a/pull_requests/239176.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "branches": [], - "error": "", - "pull_request": 239176, - "release": "stable", - "status": "open", - "status_info": {}, - "title": "tailscale: 1.42.0 -> 1.44.0" -} diff --git a/pull_requests/238845.json b/pull_requests/252544.json similarity index 62% rename from pull_requests/238845.json rename to pull_requests/252544.json index f51f138..fc9cd8d 100644 --- a/pull_requests/238845.json +++ b/pull_requests/252544.json @@ -1,20 +1,17 @@ { "branches": [ - "nixos-23.05-small", - "nixpkgs-23.05-darwin", "release-23.05", "staging-23.05", "staging-next-23.05" ], "error": "", - "pull_request": 238845, + "pull_request": 252544, "release": "stable", "status": "open", "status_info": { - "nixos-23.05-small": false, "release-23.05": true, "staging-23.05": true, "staging-next-23.05": true }, - "title": "matrix-synapse: 1.85.2 -> 1.86.0" + "title": "matrix-synapse: 1.90.0 -> 1.91.0" } diff --git a/xintray-logo.png b/xintray-logo.png new file mode 100644 index 0000000..dd18b00 Binary files /dev/null and b/xintray-logo.png differ